How Managed Detection and Response Helps with Compliance
Managed detection and response (MDR) services can make PCI DSS, SOC and HIPAA compliance much easier. Using a third-party to monitor networked environments for incidents will help business leaders sleep better knowing they have implemented best practices for protecting their computer systems and their clients’ information. These services typically involve
Cloud Vendor Management for Small Businesses: Five Tips for Your RFP Process
If you do not have a procurement department taking care of the Request for Proposal (RFP) process for you, and especially if cloud-based providers are new to you, here are some tips for planning for the RFP process. (Planning is important; remember the carpenters’ creed: “measure twice, cut once.”) Recognize
SOC Reports and PCI: Better Together
Benefits of Adding a SOC report to your annual PCI audit (or vice versa): For companies undergoing the PCI DSS reporting process (Payment Card Industry Data Security Standards), it can make a lot of sense to add a SOC (Service and Organization Controls) report from the
HITRUST Common Security Framework Compliance – more than just HIPAA
As Barnes Dennig added another CCSFP this month, we wanted to reflect on the evolution of the Common Security Framework. Although the HITRUST Alliance was started by a consortium of healthcare industry leaders, the Common Security Framework (CSF) continues to address a number of criteria beyond HIPAA. It will be
SOC 2 vs. SOC for Cybersecurity
The AICPA released a nice comparison of their SOC 2 and SOC for Cybersecurity products. With all of the concern about data security today, the two products can be valuable. However, their titles do not explain the differences in audience, scope, purpose, or contents. Now there is a simple, two-page