The HIPAA Security Rule and Risk Management

HIPAA featured

The Healthcare Insurance Portability and Accountability Act (HIPAA) is one of the more complex regulations in the U.S., due in no small part to the complicated and open-ended nature of the law. 

What should companies do? In this case, covered organizations are turning to risk-based assessments to help them support their security approaches. 

Here, we will discuss how risk plays a role in the rule of HIPAA law. 

Read More

Managed Service Providers: How Secure Are Your Services?

MSPs featured

The increasing use of cloud vendors and third-party providers has made advanced IT infrastructure and expertise available even to smaller organizations. It has also created an interconnected ecosystem of businesses, government agencies, utility firms and managed service providers (MSPs) that can potentially compromise security across multiple systems. 

If you’re a managed service provider, it’s your responsibility to ensure that your systems are secure, that your partnerships are equally secure, and that you maintain continuing risk management and monitoring against all services. 

 

Read More

What Is SSAE 18, and How Does it Relate to SOC Reports?

SSAE 18 featured

Most organizations have at least heard of SOC reports. Published and administered by the American Institute of Certified Professional Accountants (AICPA), the SOC umbrella of attestations helps organizations demonstrate adherence to best practices around data privacy, cybersecurity, risk assessment and financial reporting. 

Since SOC requirements come directly from the AICPA, the organization releases documents pertaining to guidance for audits and compliance. One of the primary documents for SOC compliance is Statement on Standards for Attestation Engagements no. 18 (SSAE 18). 

 

Read More