In previous blog posts, we’ve discussed the role of technology and HIPAA (related explicitly to HITECH regulations). However, the growth of intelligent devices and the Internet of Things (IoT) has led to a sea change in how Covered Entities (CEs) and Business Associates (BAs) manage their patients. Likewise, it adds new wrinkles to how these organizations manage their compliance requirements under HIPAA. 

Here, we’ll discuss some of the overlaps between HIPAA requirements and risks posed by smart, IoT-based devices. 

Read More

Understanding the structure of a SOC 2 report is essential for both businesses and service providers who are thinking ahead to their audit and attestation. It will serve as the “story” of an organization’s SOC 2 journey, covering the evaluation of their adherence to the Trust Services Criteria (TSC)–security, availability, processing integrity, confidentiality, and privacy. 

In this blog post, we will provide an overview of the standard structure of a SOC 2 report, encompassing its various sections and the information included in each of these segments. 

Read More

The Federal Risk and Authorization Management Program (FedRAMP) is a security assessment and authorization program for cloud services used by the federal government. It is designed to ensure that cloud services meet the federal government’s security requirements, and that sensitive government data remains protected. A critical component of the FedRAMP security authorization process is the Security Assessment Report (SAR).

In this blog post, we will examine the importance of the SAR in the FedRAMP security authorization process and provide an in-depth overview of the information that should be included in the report. We will also discuss the benefits of preparing a comprehensive SAR and the consequences of failing a FedRAMP security assessment.

Read More