Audit Machine Awareness Continuum GRC ITAM

SOC 2 Reports Explained

Sep 2, 2020 Continuum GRC 0 Comment

SOC 2 compliance is an essential component of information security for many businesses and organizations.

What is a SOC 2 Report?

Introduced in 2011, Service Organization Control (SOC) reports are becoming more and more popular in data security and compliance discussions with every passing year, especially SOC 2. But what is a SOC report? Which one do you need? Why is a SOC 2 report so important?

There are three types of SOC reports, which are “designed for the growing number of technology and cloud computing entities that are becoming very common in the world of service organizations,” according to ssae16.org. If a SOC 1 report handles the financial transactions a company makes, SOC 2 reports on the security behind those financial transactions, making it more relevant than ever in the growing wake of credit card fraud and data breaches.

HIPAA Compliance and Telehealth

Jun 10, 2020 Continuum GRC 0 Comment

One of the many changes brought by the COVID-19 pandemic may be the permanent expansion of telehealth. According to a recent study, the US telehealth market is expected to witness an 80% year-over-year growth in 2020. Numerous video communications services exist, not all provide sufficient privacy and security to facilitate the provision of health care (and HIPAA compliance). While the Office for Civil Rights (OCR) of the United States Department of Health and Human Services (HHS), the division charged with enforcing HIPAA, has provided some flexibility during the pandemic, at some point, it is reasonable to assume that OCR will again raise standards.

Is your BYOD Policy Still Effective?

May 14, 2020 Continuum GRC 0 Comment

Reviewing your BYOD Policy

Many organizations already have a BYOD (Bring your own device) policy for mobile devices and allow employees to use their own devices — mostly smartphones — with certain restrictions. However, the current pandemic has forced companies to ramp up their work from home initiatives. In some cases, companies did not have BYOD or remote work policies before the pandemic. Implementing a BYOD policy comes with a lot of security concerns, adding to the increased risk of cyberattacks already brought on by remote work. To avoid a costly data breach, your organization must use caution while executing a BYOD strategy.

After several weeks and months, parts of the globe are beginning to open; now is the time to review and evaluate their BYOD policies. With the possibility of multiple COVID-19 waves in the future and the changing workforce from the pandemic, a proper BYOD policy is more important than ever.