The International Organization for Standardization (ISO) has released a second edition to ISO 27018, its guidance for cloud service providers who process personally identifiable information (PII), which was initially released in 2014. As we know, the world of information technology and the protection of PII is an ever-evolving concern. We addressed how ISO 27018 interplays with other key regulations (such as the GDPR) here. Now with this new guidance set forth from ISO, it begs the question: is this a major or minor change?

The fight against cyber threats is one that requires much more preparation than it may have in the past. Today, threats and attacks are disrupting business operations and unnerving boards of directors, managers, customers, investors, and other stakeholders in organizations of all sizes, both public and private. The first rule in a fight is to protect yourself at all times, and the AICPA's SOC for Cybersecurity reporting framework can help.

As technologies continue to advance, corporations will consistently evaluate whether responsibilities should be managed internally or outsourced to a qualified vendor. Whatever the criteria your senior management / board of directors utilize as a benchmark for vendor consideration, questions and concerns should be at the forefront of the vendor management program. A primary consideration to remember is that while the idea of outsourcing tasks may seem like the clear risk management option, an organization must understand that the associated risks are not removed from the company, but rather just transferred and still a responsibility for the firm collecting and transmitting their customer information.

Now also known as the growing Internet of Things (IoT), connected devices are becoming more and more integrated into our everyday lives, continuously collecting our personal and non-personal data to make life more convenient. As such, manufacturers are constantly searching for new ways to connect devices, expanding the IoT to include home security systems, healthcare devices, smart locks, and children’s toys to meet both expectation and demand. Though all of this indicates positive technological innovation and progress, one substantial problem remains – data security and privacy.

Now also known as the growing Internet of Things (IoT), connected devices are becoming more and more integrated into our everyday lives, continuously collecting our personal and non-personal data to make life more convenient. As such, manufacturers are constantly searching for new ways to connect devices, expanding the IoT to include home security systems, healthcare devices, smart locks, and children’s toys to meet both expectation and demand. Though all of this indicates positive technological innovation and progress, one substantial problem remains – data security and privacy.

Having officially been a DC dweller for just over one month now, my new city has already far surpassed my expectations, but even before heading north, I knew DC would be great for our family of two. It also helps that I am fortunate to have a supportive team at Schellman & Company that has allowed me to continue working from a different location, which made the transition as easy as it could be.

Imagine this, it's a late Wednesday afternoon and you are wrapping up your previous SOC engagement while simultaneously working on your current engagement. A check of your upcoming schedule reveals that next week, yet another SOC engagement for a client in your area looms. Juggling multiple engagements can be tricky, but must less so if there’s a tried and true process that’s become routine. Here are five easy steps to help an auditor prepare for a SOC engagement.