Fedramp certification & Cybersecurity & Compliance Firm

Even though compliance is an on-going process, each individual assessment has its own lifecycle, which begins with a self-assessment of scoping factors. This can be a tedious process to complete for every audit, especially if the same questions get asked more than once, or continue to show up in assessment requirements. Fortunately, HITRUST has introduced a strategic approach to its scoping factors, which it announced in its Assurance Advisory: 2020-003. HITRUST made multiple changes to its scoping factors, streamlining the audit process by mapping scoping factor questions to assessment requirements – eliminating unrelated requirements. The scoping factor now includes additional context to questions to avoid the typical back-and-forth that could occur during QA of the assessment. This Assurance Advisory is set to minimize unrelated requirements when a scoping factor is marked “no” and to curtail the constant flow of “this is not applicable because…” responses currently captured in HIT...

As we enter the home stretch of 2021, many organizations are reflecting on this past year and synthesizing lessons learned to inform a more focused and effective business strategy moving forward. Our 2021 Compliance Benchmark Report provided significant insights on how organizations are navigating the current compliance landscape, as well as how they are preparing for the future. By surveying more than 200 cybersecurity, IT, quality assurance, internal audit, finance, and other professionals, we discovered a great deal about what makes compliance programs run smoothly and efficiently, and where there may be areas for improvement for businesses of all sizes and across all industries. Here are five compliance management best practices gleaned from the 2021 Compliance Benchmark Report that you can use to improve your organization’s compliance program. Best Practice #1: Combine Audits for Greater Efficiency One of the standout findings from our Compliance Benchmark Report was the revelat...

In 2021, we saw an increase in international expansion and need for compliance certifications, and big changes in the privacy landscape. As we near the end of the year, European organisations should be thinking ahead to the compliance challenges and opportunities that are coming in 2022. It’s always best to be proactive in strategising for future regulations, standards, and policies — even if you feel your business is currently running with all systems fully operational. Here are a few of the changes, trends, and predictions in the world of European business that I believe will make a big difference throughout 2022. GDPR and the New Standard Contractual Clauses (SCCs) Last year’s court ruling that the EU–U.S. Privacy Shield framework is no longer a valid data transfer mechanism under the General Data Protection Regulation (GDPR) brought about new standard contractual clauses (SCCs), which were approved in June 2021. These were introduced to replace the old SCCs (last updated in 2010) ...

When it comes to cybersecurity preparedness, it’s not about “if” but “when” an incident will occur. This illustrates an urgent need for organizations to increase cybersecurity awareness and education to better prepare themselves against an inevitable cybersecurity event. Here are the top three cybersecurity trends we think are worth watching as we approach 2022, and how you can prepare your organization to be ready for the possibility of these threats.  Ransomware Ransomware attacks have made headlines for well over a year at this point, even making an appearance as the lead storyline in various TV shows, for good reason. The ransomware global attack volume increased by 151% for the first six months of 2021 compared to the first six months of 2020. But what exactly is ransomware? Ransomware is a type of malware that encrypts files once inside an organization’s network. Doing so makes the files unusable, as well as the systems that rely on that information to run, enabling malicio...