What Are Health Industry Cybersecurity Practices (HICP)?

May 18, 2022 Continuum GRC 0 Comment

GRC compliance image - Continuum GRC solutions for cyber security and audit AI-powered cybersecurity 2025 zero trust ransomware protection supply chain security regulatory compliance operational resilience

Any organization in the healthcare industry knows that cybersecurity is a critical component of doing business. So much so, in fact, that any enterprise handling protected health information (PHI) must implement and maintain strict cybersecurity and privacy controls to protect patient data from unauthorized disclosure.

However, understanding that HIPAA is a requirement for operation doesn’t necessarily make compliance or effective cybersecurity much easier to implement. That’s why an initiative conceived by government agencies, known as the Health Industry Cybersecurity Practices (HICP), was put into action to align security along with government and industry best practices.

What Is SSAE 18, and How Does it Relate to SOC Reports?

Mar 23, 2022 Continuum GRC 0 Comment

Featured SSAE 18 insights from Continuum GRC. Enhance 2025 compliance with top GRC software, risk assessment, and AI-powered cybersecurity defenses.

SSAE 18 is a statement that sets standards for reporting on the controls and processes related to financial reporting. It comes from the American Institute of Certified Public Accountants, outlining the framework for reporting on internal controls. The SSAE 18 is designed to provide assurances that the reporting of service organizations is secure, thorough, and on point. For SOC reports, an SSAE 18 statement outlines controls to ensure they’re reliable.

Most organizations have at least heard of SOC reports. Published and administered by the American Institute of Certified Professional Accountants (AICPA), the SOC umbrella of attestations helps organizations demonstrate adherence to best practices around data privacy, cybersecurity, risk assessment and financial reporting.

Since SOC requirements come directly from the AICPA, the organization releases documents pertaining to guidance for audits and compliance. One of the primary documents for SOC compliance is Statement on Standards for Attestation Engagements no. 18 (SSAE 18).

What Does it Mean to be FISMA Compliant?

Jan 19, 2022 Continuum GRC 0 Comment

Featured FISMA insights. Enhance 2025 cybersecurity with Continuum's FISMA-ready GRC software and risk assessment.

The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks.

However, at its core, FISMA dictates some of the basic and most fundamental cybersecurity practices that governed organizations must adhere to. Learn more about what it means to meet FISMA compliance.