By:
Adam Russell
October 5th, 2023
Internal Audit (IA) and Governance, Risk, and Compliance (GRC) professionals are often charged with reading SOC reports from service providers to gain an understanding of each vendor’s controls, but many may not know how you can also use these reports to also enhance, mature, and drive their own audit and governance functions.
By:
Andy Rogers
October 3rd, 2023
To become FedRAMP authorized, you must pass the initial, rigorous FedRAMP assessment. But in the following years, you’ll also need to complete Annual Assessments performed by a third-party assessment organization (3PAO) if you’re interested in maintaining that compliance.
By:
Schellman
October 2nd, 2023
Inaugural Compliance and Risk Management Conference to Provide Insight from Leading Compliance, Cybersecurity Experts
Penetration Testing | Red Team Assessments
By:
JOSH TOMKIEL
September 28th, 2023
Penetration testing and red team assessments are often conflated or confused—though they’re both advantageous cybersecurity solutions, there are distinct differences between them that any organization considering either should know. Just to be clear, a penetration test is not a red team assessment.
Privacy Assessments | Privacy Impact Assessment
By:
Kathryn Young
September 27th, 2023
Generally, privacy impact assessments (PIAs) are defined as evaluation tools that help to better understand how information is gathered, used, maintained, and shared. It’s a formal analysis used to assess what privacy risks exist within the information processing activities that drive specific products and services.
By:
Tom Andresen Gosselin
September 26th, 2023
A new landmark in corporate climate change legislation, California Senate Bill (SB) 253, the Climate Corporate Accountability Act, has just been passed in the California Senate, and—now that it's been signed into law by the governor—it will mandate that the applicable companies report their direct greenhouse gas emissions as well as those generated by their utilities.
Payment Card Assessments | PCI DSS v4.0
By:
MATT CRANE
September 21st, 2023
In June 2023, the Payment Card Industry Security Standards Council (PCI SSC) released a new worksheet entitled “Items Noted for Improvement” (INFI)—while the Council encourages use of this worksheet for assessments based on earlier versions of PCI DSS, organizations undergoing a PCI DSS v4.0 assessment are required to use it.
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
September 19th, 2023
Though considered somewhat abbreviated in comparison to HITRUST’s other certification options, the HITRUST e1 Certification still represents a potentially beneficial path, particularly for those organizations that have already established their compliance programs.