The American Institute of Certified Public Accountants (AICPA) has designed three distinguished SOC reports to accommodate the varying needs of service organizations, each with their own purpose and intended use. As such, when service organizations begin researching System and Organization Controls (SOC) reports, their first consideration often centers around determining which SOC report(s) is best for their needs.

An internal audit process should be present within the organization, and is vital to the design and effectiveness of any information security program. The requirements of an internal audit can be referred to in Clause 9.2 within the ISO-27001 standard. The process and time constraints of an internal audit vary based on the size and structure of the company. Also, a greater sense of detail and effectiveness of an internal audit should be similar across all organizations. Initially, a plethora of clients believe that an internal audit is a simple walkthrough of organizational specific processes and applicable controls; however, the internal audit requires the organization to review the ISO-27001 framework and all in-scope Annex A controls based on the Statement of Applicability (SOA). As a result, the ISO-27001 internal audit happens to be more stringent and control focused than many organizations believe it to be prior to beginning the audit.

An ISO 27001 certification can help your business stand out. It lets your customers and potential customers know you care about and will protect their information. It can also help you streamline internal processes.

Being involved with talent recruitment for Schellman, I am asked countless times about our Firm’s corporate culture and the inevitable follow-up question to that is,

In the popular modern musical Hamilton, the titular character is given an opportunity by George Washington. Hamilton can stay on the front lines of the American Revolution, or he can become the general’s aide-de-camp. It’s a choice between gaining glory amidst the fighting or an office job with an opportunity to influence who would become our first president.

In 2015 alone, 112 million healthcare records were compromised. If there’s one thing we can count on in the years to come, it would be increasingly sophisticated cybersecurity attacks that specifically target healthcare organizations. Why healthcare? Here are a few reasons.

CIOs have a unique vantage point over their organization. From where they sit, they see efficiencies, pain points, and potential weaknesses across all departments. This level of visibility is invaluable in today’s intricate, technology-driven, and information-rich business landscape.

Unfortunately, 2015 saw some seriously impressive information security hacks, the likes of which included those at major companies and entities like VTech, T-Mobile, the FBI, and even Trump Hotels. The silver lining? At the very least, hacks involving large organizations such as these garner tons of media attention and headline time, which brings awareness to the growing urgency of greater information security. But security executives like CISOs and CIOs still struggle to see eye-to-eye with non-security executives on the matter.