Jan 28

SOC 2: Importance of Stakeholders Collaboration

Involving all relevant stakeholders in the SOC 2 implementation process is essential for ensuring that your controls are effective and aligned with your business objectives. …

Grc

6 min read

Grc

6 min read

Jan 15

HIPAA Expected Evidence

Click the link below to be redirected to the spreadsheet HIPAA Expected Evidence SpreadsheetHIPAA ID,Control,Expected Evidence,Standard Hierarchy,Frequency164.308(a)(1)(D),Security Management Process — Information System Activity Review — Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking …Google Docs

Grc

1 min read

Grc

1 min read

HIPAA Expected Evidence

Click the link below to be redirected to the spreadsheet

HIPAA Expected Evidence SpreadsheetHIPAA ID,Control,Expected Evidence,Standard Hierarchy,Frequency164.308(a)(1)(D),Security Management Process — Information System Activity Review — Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking …Google Docs

Jan 3

Audit Principles and Concepts

Carve-out method Method of dealing with the services provided by a subservice organization. The nature of the services performed by the subservice Organization is included in section 3, but the relevant related controls are excluded. …

Grc

3 min read

Grc

3 min read

Jan 3

Audit Principles and Concepts

Principle/concept Description Carve-out method Method of dealing with the services provided by a subservice organization. The nature of the services performed by the subservice Organization is included in section 3, but the relevant related controls are excluded. …

Grc

3 min read

Grc

3 min read

Jan 2

Evidence Gathering Recommendation: Adding TimeStamp To Screenshots

Install Timestamp App https://github.com/mzdr/timestamp When Taking Screenshots Remember when taking screenshots for evidence that you will upload to your GRC tool of choice you should add a timestamp in the image. This will allow the auditor will know that the evidence was taken during whatever period that will be auditing for. Please see the screenshot below as an example.

Grc

1 min read

Grc

1 min read

Evidence Gathering Recommendation: Adding TimeStamp To Screenshots

Install Timestamp App

https://github.com/mzdr/timestamp

When Taking Screenshots

Remember when taking screenshots for evidence that you will upload to your GRC tool of choice you should add a timestamp in the image.

This will allow the auditor will know that the evidence was taken during whatever period that will be auditing for. Please see the screenshot below as an example.

Dec 23, 2022

Mapping Security Controls to the HITRUST framework

Mapping your security controls to the HITRUST Common Security Framework (CSF) is an important step in the process of preparing for a HITRUST audit. The CSF is a comprehensive security framework that provides guidance on the controls and practices needed to protect sensitive healthcare information. Here are a few steps…

Grc

2 min read

Grc

2 min read

Dec 22, 2022

SOC 2: Selecting a SOC 2 Auditor

Selecting a SOC 2 auditor is an important decision for any organization, as the auditor will be responsible for evaluating the effectiveness of your controls related to security, availability, processing integrity, confidentiality, and privacy. Here are a few criteria to consider when selecting a SOC 2 auditor: Independence: It’s important…

Soc 2

2 min read

Soc 2

2 min read

Dec 21, 2022

SOC 2: Overcoming Common Roadblocks

As an organization, undergoing a SOC 2 audit can be a complex and time-consuming process. It requires a thorough review of your systems and controls, as well as the documentation supporting those controls. …

Soc 2

5 min read

Soc 2

5 min read

Dec 21, 2022

SOC 2 Audit Process

SOC 2 is a cybersecurity audit that evaluates an organization’s controls related to security, availability, processing integrity, confidentiality, and privacy. It is typically conducted by an independent third party, such as a certified public accounting firm. The SOC 2 audit process typically involves the following steps: Preparation: The organization being…

2 min read

Oct 19, 2022

Slack Best Practices Part 1: Channel Naming

The Importance of Naming Naming conventions can make or break Slack utilization for an organization. They are how people find the conversations they’re looking for. Being able to find channels is key. General Channels #whats-happening-at-: General announcements and company-wide broadcasts #questions: Ask all of for help with any question you…

3 min read

SOC 2: Importance of Stakeholders Collaboration

HIPAA Expected Evidence

HIPAA Expected Evidence

Audit Principles and Concepts

Audit Principles and Concepts

Evidence Gathering Recommendation: Adding TimeStamp To Screenshots

Evidence Gathering Recommendation: Adding TimeStamp To Screenshots

Mapping Security Controls to the HITRUST framework

SOC 2: Selecting a SOC 2 Auditor

SOC 2: Overcoming Common Roadblocks

SOC 2 Audit Process

Slack Best Practices Part 1: Channel Naming

Austin Songer