Imagine this scenario: you’ve received some test results from some procedure. Those results are to be moved between institutions because you have doctors in different departments of a healthcare system. 

Normally, we’d think that these institutions would electronically transmit these results through some secure channel… but then you see that your doctor has your results, in hand, in a USB key that they plug into their computer. 

This, of course, is a considerable risk. HIPAA regulations require that institutions protect PHI in specific ways with straightforward controls, and many threats can undermine physical media. 

So, what’s the issue with using USB thumb drives? 

Read More

SOC audits are some of the most common non-regulatory audits in the U.S. These attestations provide companies with a way to demonstrate their dedication to transparent and secure financial reporting and protecting consumer information. Accordingly, SOC reporting can become an in-depth and complicated task that is rendered even more complicated when factoring in subservice providers. 

We’ll cover two ways to account for subservice provider services in your financial and IT infrastructure: carve-out and inclusive reporting. 

Read More

With COVID-19, always-online eCommerce and the migration to remote, distributed workforces, IT security is more important now than ever. In some industries, regulations can dictate the privacy and security requirements that every organization must meet. In others, those regulations may be less rigorous or even non-existent. That’s why many organizations turn to additional frameworks to shore up their approach to security. That’s where SOC 2 comes in. 

Service Organization Control (SOC) is a standard put into place by the American Institute of Certified Professional Accountants (AICPA) to help financial institutions protect client and customer data. Because the framework is robust and focused, many organizations opt to achieve certification as part of a larger security and customer relationship strategy. 

In 2022, after such dynamic shifts in our lives (particularly those tied to digital information), SOC 2 is more important than ever. Specifically, the five Trust Criteria can serve as the backbone of modern privacy and compliance strategies. 

Read More