The Continuum GRC Usage Policy

Updated August 10, 2025

Overview

The following usage policy terms are terms of a legal agreement between you and Continuum GRC. By accessing, browsing, or using this Website and all associated web properties under the Continuum GRC corporate umbrella, including the AuditMachine.com SaaS sites, you acknowledge that you have read, understood, and agree to be bound by these terms and to comply with all applicable laws and regulations, including export and re-export control laws and regulations. If you do not agree to these terms, please do not use this Website.

Continuum GRC may, without notice to you, at any time revise these Terms of Use and any other information contained in this Website by updating this posting. Continuum GRC may also make improvements or changes in the products, services, or programs described on this site at any time without notice.

General

This Website contains proprietary notices and copyright information, the terms of which must be observed and followed.

This site and all content in this site may not be copied, reproduced, republished, uploaded, posted, transmitted, distributed, or used for the creation of derivative works without Continuum GRC’s prior written consent, except that Continuum GRC grants you non-exclusive, non-transferable, limited permission to access and display the Web pages within this site, solely on your computer and for your personal, non-commercial use of this Website. This permission is conditioned on your not modifying the content displayed on this site, keeping intact all copyright, trademark, and other proprietary notices, and your acceptance of any terms, conditions, and notices accompanying the content or otherwise set forth in this site. Notwithstanding the foregoing, any software and other materials that are made available for downloading, access, or other use from this site with their own license terms, conditions, and notices will be governed by such terms, conditions, and notices.

Your failure to comply with the terms, conditions, and notices on this site will result in automatic termination of any rights granted to you, without prior notice, and you must immediately destroy all copies of downloaded materials in your possession or control. Except for the limited permission in the preceding paragraph, Continuum GRC does not grant you any express or implied rights or licenses under any patents, trademarks, copyrights, or other proprietary or intellectual property rights. You may not mirror any of the content from this site on another Website or in any other media.

Certain disclaimers

Information on this Website is not promised or guaranteed to be correct, current, or complete, and this site may contain technical inaccuracies or typographical errors. Continuum GRC assumes no responsibility (and expressly disclaims responsibility) for updating this site to keep information current or to ensure the accuracy or completeness of any posted information. Accordingly, you should confirm the accuracy and completeness of all posted information before making any decision related to any services, products, or other matters described on this site.

Continuum GRC provides no assurances that any reported problems will be resolved by Continuum GRC, even if Continuum GRC elects to provide information with the goal of addressing a problem.

Confidential information

Continuum GRC does not want to receive confidential or proprietary information from you through our Website. Please note that any information or material sent to Continuum GRC will be deemed NOT to be confidential. By sending Continuum GRC any information or material, you grant Continuum GRC an unrestricted, irrevocable license to copy, reproduce, publish, upload, post, transmit, distribute, publicly display, perform, modify, create derivative works from, and otherwise freely use those materials or information. You also agree that Continuum GRC is free to use any ideas, concepts, know-how, or techniques that you send us for any purpose. Personally identifiable information that you submit to Continuum GRC for the purpose of receiving products or services will be handled in accordance with our privacy policies. Please see the tab entitled “Privacy” for information regarding Continuum GRC’s privacy policies.

This is not to be confused with data associated with the Continuum GRC ITAM SaaS solution systems, which are not integrated into the Continuum GRC company websites. Those Continuum GRC ITAM SaaS solution portals do maintain high levels of confidentiality, integrity, and availability that comply with globally recognized audit, compliance, attestation, and certification programs such as FedRAMP Moderate-High IL5, SOC 2 Type 2, HIPAA, PCI L1 Service Provider, EUCS, DFARS 800-171, NIST 800-53 Moderate-High, StateRAMP Moderate-High, C5, and CMMC L3-L4-L5.

Data that resides in the Continuum GRC ITAM SaaS solution systems is only accessible to those subscribers and customers utilizing the Continuum GRC ITAM SaaS platform. Additionally, the Continuum GRC ITAM SaaS solution for individual company subscriptions is not a multitenancy system architecture, and as such, provides complete physical and logical data segregation between subscribers and their customers or users of those systems.

For more information, please utilize the form below to contact a company representative.

Global availability

Information Continuum GRC publishes on the World Wide Web may contain references or cross-references to Continuum GRC products, programs, and services that are not announced or available in your country. Such references do not imply that Continuum GRC intends to announce or make available such products, programs, or services in your country. Please consult your local Continuum GRC business contact for information regarding the products, programs, and services that may be available to you.

Business relationships

This Website may provide links or references to non-Continuum GRC Websites and resources. Continuum GRC makes no representations, warranties, or other commitments whatsoever about any non-Continuum GRC Websites or third-party resources that may be referenced, accessible from, or linked to any Continuum GRC site. A link to a non-Continuum GRC Website does not mean that Continuum GRC endorses the content or use of such Website or its owner. In addition, Continuum GRC is not a party to or responsible for any transactions you may enter into with third parties, even if you learn of such parties (or use a link to such parties) from a Continuum GRC site. Accordingly, you acknowledge and agree that Continuum GRC is not responsible for the availability of such external sites or resources, and is not responsible or liable for any content, services, products, or other materials on or available from those sites or resources.

When you access a non-Continuum GRC Website, even one that may contain the Continuum GRC logo, please understand that it is independent of Continuum GRC and that Continuum GRC does not control the content on that Website. It is up to you to take precautions to protect yourself from viruses, worms, Trojan horses, and other potentially destructive programs, and to protect your information as you deem appropriate.

Linking to this site

All links to this Website must be approved in writing by Continuum GRC, except that Continuum GRC consents to links in which the link and the pages that are activated by the link do not: (a) create frames around any page on this Website or use other techniques that alter in any way the visual presentation or appearance of any content within this site; (b) misrepresent your relationship with Continuum GRC; (c) imply that Continuum GRC approves or endorses you, your Website, or your service or product offerings; and (d) present false or misleading impressions about Continuum GRC or otherwise damage the goodwill associated with the Continuum GRC name or trademarks. As a further condition to being permitted to link to this site, you agree that Continuum GRC may at any time, in its sole discretion, terminate permission to link to this Website. In such an event, you agree to immediately remove all links to this Website and to cease using any Continuum GRC trademark.

Translations

Certain text in this Website may be made available in languages other than English. Text may be translated by a person or solely by computer software with no human intervention or review. These translations are provided as a convenience to you, and Continuum GRC makes no representations or commitments regarding the accuracy or completeness of the translation, whether computer-generated or performed by a person. Please see the below Disclaimer of Warranty for additional conditions.

DISCLAIMER OF WARRANTY

USE OF THIS SITE AND PRODUCTS AND SERVICES OF CONTINUUM GRC AND/OR LAZARUS ALLIANCE IS AT YOUR SOLE RISK. ALL MATERIALS, INFORMATION, PRODUCTS, SOFTWARE, PROGRAMS, AND SERVICES ARE PROVIDED “AS IS,” WITH NO WARRANTIES OR GUARANTEES WHATSOEVER. CONTINUUM GRC EXPRESSLY DISCLAIMS TO THE FULLEST EXTENT PERMITTED BY LAW ALL EXPRESS, IMPLIED, STATUTORY, AND OTHER WARRANTIES, GUARANTEES, OR REPRESENTATIONS, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF PROPRIETARY AND INTELLECTUAL PROPERTY RIGHTS. WITHOUT LIMITATION, CONTINUUM GRC MAKES NO WARRANTY OR GUARANTEE THAT THIS WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.

YOU UNDERSTAND AND AGREE THAT IF YOU DOWNLOAD OR OTHERWISE OBTAIN MATERIALS, INFORMATION, PRODUCTS, SOFTWARE, PROGRAMS, OR SERVICES, YOU DO SO AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGES THAT MAY RESULT, INCLUDING LOSS OF DATA OR DAMAGE TO YOUR COMPUTER SYSTEM, ORGANIZATION, OR BUSINESS ENTITY.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.

LIMITATION OF LIABILITY

IN NO EVENT WILL CONTINUUM GRC BE LIABLE TO ANY PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY TYPE WHATSOEVER RELATED TO OR ARISING FROM THIS WEBSITE OR ANY USE OF THIS WEBSITE, OR OF ANY SITE OR RESOURCE LINKED TO, REFERENCED, OR ACCESSED THROUGH THIS WEBSITE, OR FOR THE USE OR DOWNLOADING OF, OR ACCESS TO, ANY MATERIALS, INFORMATION, PRODUCTS, OR SERVICES OF CONTINUUM GRC AND/OR LAZARUS ALLIANCE, INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS INTERRUPTION, LOST SAVINGS OR LOSS OF PROGRAMS OR OTHER DATA, EVEN IF CONTINUUM GRC IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS EXCLUSION AND WAIVER OF LIABILITY APPLIES TO ALL CAUSES OF ACTION, WHETHER BASED ON CONTRACT, WARRANTY, TORT, OR ANY OTHER LEGAL THEORIES.

Usage Policy Disclaimer for Third-Party Affiliate CPA Services

The third-party Certified Public Accountants (CPAs) affiliated with our platform operate as independent contractors and are not employees, agents, or representatives of Continuum GRC. These third-party CPAs are solely responsible for maintaining their own professional licenses and certifications, as well as securing and maintaining their own insurance coverage, including but not limited to professional liability insurance.

Continuum GRC does not endorse, guarantee, or assume any responsibility for the accuracy, quality, or reliability of the services provided by third-party affiliate CPAs. Any engagement or interaction between users and third-party CPAs is conducted at the user’s own risk, and Continuum GRC shall not be liable for any damages, losses, or claims arising from such engagements.

By using our platform to connect with third-party affiliate CPAs, you acknowledge and agree to the above terms and assume full responsibility for your interactions with these CPAs.

Usage Policy Disclaimer for Third-Party Affiliate CMMC Services

The third-party CMMC readiness and certification audit professionals affiliated with our platform operate as independent contractors and are not employees, agents, or representatives of Continuum GRC. These third-party CMMC Professionals are solely responsible for maintaining their own professional licenses and certifications, as well as securing and maintaining their own insurance coverage, including but not limited to professional liability insurance.

Continuum GRC does not endorse, guarantee, or assume any responsibility for the accuracy, quality, or reliability of the services provided by third-party affiliate CMMC Professionals. Any engagement or interaction between users and third-party CMMC Professionals is conducted at the user’s own risk, and Continuum GRC shall not be liable for any damages, losses, or claims arising from such engagements.

By using our platform to connect with third-party affiliate CMMC Professionals, you acknowledge and agree to the above terms and assume full responsibility for your interactions with these CMMC Professionals.

Usage Policy Disclaimer for Third-Party Affiliate QSA Services

The third-party Qualified Security Assessors (QSAs) affiliated with our platform operate as independent contractors and are not employees, agents, or representatives of Continuum GRC. These third-party QSAs are solely responsible for maintaining their own professional licenses and certifications, as well as securing and maintaining their own insurance coverage, including but not limited to professional liability insurance.

Continuum GRC does not endorse, guarantee, or assume any responsibility for the accuracy, quality, or reliability of the services provided by third-party affiliate QSAs. Any engagement or interaction between users and third-party QSAs is conducted at the user’s own risk, and Continuum GRC shall not be liable for any damages, losses, or claims arising from such engagements.

By using our platform to connect with third-party affiliate QSAs, you acknowledge and agree to the above terms and assume full responsibility for your interactions with these QSAs.

Spear Phishing: Don’t Take the Bait!

Following a string of high-profile incidents that began earlier this year, the healthcare industry has been highly focused on preventing ransomware attacks. IoT security has also emerged as a growing concern. However, healthcare organizations (as well as businesses in other industries) cannot afford to ignore another growing threat: spear phishing.

Like regular phishing, spear phishing involves sending legitimate-looking but fraudulent emails asking users to provide sensitive information and/or initiate wire transfers. However, while regular phishing emails are sent out en masse to the general public, spear phishing emails are highly targeted and sent to specific, predetermined victims, usually a small group of people working at a specific company.

In a recent press release, the Federal Bureau of Investigation warned of a dramatic rise in a type of spear phishing known as a “CEO email scam” or a “business email compromise scam.” According to the FBI, from October 2013 to February 2016, law enforcement identified 17,642 victims, with losses totaling $2.3 billion. Since January 2015, reports of spear phishing have increased by 270%.

Main Line Health Attack Proves that Employee Data Is at Risk

In February 2016, while everyone’s attention was focused on the Hollywood Presbyterian ransomware attack, Main Line Health, which operates four hospitals near Philadelphia, was hit by a spear phishing scheme. Emails were sent to employees, purportedly from the organization’s CEO and CFO, requesting employee payroll and W2 information. While some employees immediately realized the emails were fraudulent and reported them to management, at least one employee was tricked into sending the requested information to the hacker. As a result, Main Line Health had to notify its employees that their personal information may have been compromised and offer them free credit counseling and monitoring services.

When healthcare organizations think about cybersecurity, they usually focus on patient data protection. However, the hackers who compromised Main Line Health were not seeking to infiltrate patient data, but employee data, and the attack may have been connected to a very large spear phishing scheme targeting HR and payroll professionals in various industries nationwide. It is suspected that the hackers running the scheme intended to use the stolen data to file fraudulent tax returns.

How to Protect Against Spear Phishing

Email spam filters can be adjusted to recognize emails from suspicious sources and block them before they reach employees’ inboxes. However, some phishing emails will undoubtedly still get through. The best way to protect against spear phishing is to teach employees how to recognize the telltale signs of a spear phishing email, such as:

  • The salutation and/or the closing seem odd. For example, management normally refers to you as “William” or “Mr. Doe,” but the email is addressed to “Bill.” In the case of Main Line Health, the closing is what alerted one employee to the fraud; the email message, which purported to be from the CEO, was signed “John Lynch,” but the employee knew that the company’s CEO goes by “Jack.”
  • The request is unusual and/or does not follow normal company protocol. For example, the email is asking for employee W2 information, but requests like this are not normally handled through email or by the employee who received the request, or the person who allegedly sent the email has never requested similar information before, or it’s unusual for the person who allegedly sent the email to directly contact that particular employee.
  • The wording and tone of the email are stilted. Many spear phishing attacks are launched by foreign hackers who are not fluent in English; the email may be riddled with punctuation, spelling, or grammar errors, be worded oddly, or use British spelling. The wording may also be overly formal – or overly casual.
  • The domain the email was sent from is incorrect. Instead of “yourcompany.com,” the email may have been sent from “yourcompany.com-xyz.com” or some other derivative.
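Several of the signs above (a derivative sender domain, an executive's name on an outside address, a request for W2 or payroll data) can also be checked mechanically before a message reaches an inbox. The following Python is an added example, not code from Continuum GRC; the trusted domain, the executive display name, the keyword list, and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your organization's own.
TRUSTED_DOMAIN = "yourcompany.com"
EXECUTIVE_NAMES = {"pat example"}  # hypothetical CEO display name
SENSITIVE_TERMS = ("w2", "w-2", "payroll", "wire transfer")

def sender_domain(header_value):
    """Lower-cased domain of an address header, or "" when none is present."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_internal(domain):
    """True for the trusted domain itself or any of its subdomains."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def is_lookalike(domain):
    """Foreign domain that embeds the trusted name, e.g. yourcompany.com-xyz.com."""
    brand = TRUSTED_DOMAIN.split(".")[0]
    return bool(domain) and not is_internal(domain) and brand in domain

def body_text(msg):
    """Join decoded text parts so base64 or quoted-printable bodies are searched too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks).lower()

def spear_phishing_flags(raw_message):
    """Return the warning signs found in one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    domain = sender_domain(msg.get("From"))
    external = not is_internal(domain)
    flags = []
    if is_lookalike(domain):
        flags.append("lookalike-domain")
    if external and display.strip().lower() in EXECUTIVE_NAMES:
        flags.append("executive-name-external-sender")
    if external and any(term in body_text(msg) for term in SENSITIVE_TERMS):
        flags.append("sensitive-data-request")
    return flags

# Constructed sample messages (not real traffic).
SAMPLES = {
    "lookalike": ("From: Pat Example <pat.example@yourcompany.com-xyz.com>\n"
                  "To: hr@yourcompany.com\nSubject: Urgent request\n\n"
                  "Please send me all employee W2 forms today.\n"),
    "internal": ("From: Pat Example <pat.example@yourcompany.com>\n"
                 "To: hr@yourcompany.com\nSubject: Staff meeting\n\n"
                 "The agenda for Monday is attached.\n"),
    "external_exec": ("From: Pat Example <ceo.office@mail.example>\n"
                      "To: hr@yourcompany.com\nSubject: Quick favor\n\n"
                      "I need the payroll summary before noon.\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, spear_phishing_flags(raw))
```

Flags like these are best used to route a message for review or to add a warning banner; a From domain that matches the trusted domain is not by itself proof of where the message came from.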

Employees should be taught that if something seems “off” about an email, they should consult a supervisor or IT security personnel before responding to it. Additionally, as part of your organization’s overall cybersecurity plan, a firm protocol should be established regarding requests for sensitive employee and patient data, and employees should be trained not to release sensitive data unless the protocol is followed.

In addition to using email spam filters to intercept suspicious messages, training employees to spot spear phishing emails, and implementing a solid security plan that includes protocol for the release of sensitive data, it’s a good idea for healthcare facilities to enlist the services of a professional cybersecurity firm such as Continuum GRC. The cybersecurity experts at Continuum GRC have deep knowledge of the cybersecurity field, are continually monitoring the latest information security threats, and are committed to protecting your healthcare organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cybersecurity programs.

Continuum GRC is proactive cybersecurity®. Call 1-888-896-6207 or book some time with us to discuss your organization’s cybersecurity needs and find out how we can help you protect your facility’s employee and patient data.