SOC 2: Trust Services Criteria and Secure IT in 2022

trust services criteria featured

With COVID-19, always-online eCommerce and the migration to remote, distributed workforces, IT security is more important now than ever. In some industries, regulations can dictate the privacy and security requirements that every organization must meet. In others, those regulations may be less rigorous or even non-existent. That’s why many organizations turn to additional frameworks to shore up their approach to security. That’s where SOC 2 comes in. 

Service Organization Control (SOC) is a standard put into place by the American Institute of Certified Professional Accountants (AICPA) to help financial institutions protect client and customer data. Because the framework is robust and focused, many organizations opt to achieve certification as part of a larger security and customer relationship strategy. 

In 2022, after such dynamic shifts in our lives (particularly those tied to digital information), SOC 2 is more important than ever. Specifically, the five Trust Criteria can serve as the backbone of modern privacy and compliance strategies. 

 

Read More

What Are Data Protection Impact Assessments in GDPR?

DPIA featured

The General Data Protection Regulation (GDPR) has fundamentally changed how organizations do business in the European Union. It isn’t enough to undergo audits or meet arbitrary security requirements. Like many high-stakes security contexts, GDPR requires a company to dedicate significant time to maintaining data privacy, cybersecurity and consumer rights. 

To help address high-risk data processing situations, GDPR may require your business to complete a Data Protection Impact Assessment or a DPIA. For many companies, these are not optional so we will cover the details in this article. 

Read More

What Is the HITECH Act, and How Can I Be Compliant?

HITECH featured

HIPAA was passed into law in 1996–not exactly the heyday of digital technology. It wasn’t until over a decade later that Congress decided to implement updates to the law to address the rise of digital technology. Their goal? To push providers to update their record-keeping to Electronic Health Record (EHR) systems, secure those systems effectively, and eliminate the loopholes that would prevent adherence to the law. 

Thus, the Health Information Technology for Economic and Clinical Health, or HITECH, was born. Here, we’ll discuss some of the changes that HITECH made to HIPAA law and how that informs the compliance obligations of businesses in the healthcare industry. 

 

Read More