4 Healthcare Compliance Changes Happening Due to COVID-19

    The coronavirus pandemic has caused significant alterations in how people work, travel and enjoy leisure time. COVID-19 also brought about numerous healthcare compliance changes, temporarily put in place to increase provider flexibility and access to care. Here are four of them.

    Read More

    Network Strength During Quarantine: How Are Cloud Solutions Fairing Amidst COVID-19?

    If there's one constant throughout the coronavirus pandemic, it's a universal feeling of uncertainty. Internet services like cloud storage have become essential for many companies, but this raises some questions as well. As quarantine continues, how will it affect cloud solutions and home networks?

    Few people called the reliability of the cloud into question before the pandemic. The unprecedented surge in internet use brought on by quarantine may cause some to doubt the resilience of these systems. Networks and data centers haven't seen a test of strength like this before.

    The internet is essential to carrying businesses through this time of remote work. Will all the new stress affect things like network strength and cloud solutions?

    Read More

    Reducing Supply Chain Risk Through Better Data Management

    The supply chain is the backbone of many industries. A disruption at any point in the logistics process can send a ripple effect throughout the business, leading to lost profits and even lost customers. Supply chain risk mitigation is essential, and an often-overlooked aspect of this process is data management.
    Almost two-thirds of businesses don't use technology to monitor their logistics performance. This figure means that at least two-thirds of supply chains are likely not managing risk as effectively as they could. Using available technology to manage their data, companies can significantly reduce supply chain risks.

    Read More

    How Responsible Healthcare Data Management Saves Lives

    Healthcare has made enormous strides in recent years, thanks to technological breakthroughs. Advanced treatment methods and detection tools allow doctors and nurses to provide better care faster, but medicine is still far from perfect. Big data can help improve it.

    Business analytics and similar practices could make healthcare more accurate, more affordable and more effective. Though the methodology is still in its initial stages, big data examples in healthcare demonstrate significant promise. 

    Read More

    4 Security Authentication Updates for 2020

    No matter what kind of business you have, it's crucial to stay abreast of what's happening regarding security authentication. Updating your practices helps keep your data safe from hackers while ensuring that only the appropriate parties can see information associated with your company. 

    Here are four security authentication updates that are likely to shape 2020, as well as remain prominent for the foreseeable future. 

    Read More

    What AI in Medical Devices Means for Cybersecurity

    What AI in Medical Devices Means for Cybersecurity

    Artificial intelligence (AI) is increasingly being implemented into medical devices. That innovation could bring about ground-breaking changes in patient care. However, it also comes with relevant concerns about cybersecurity.

    Read More

    How Centralized Data Improves the Health Care Industry

    How Centralized Data Improves the Health Care Industry

    Centralized data systems allow information to exist inside one mainframe but remain accessible from numerous points. The content gets collected, stored and managed in one place, but centralization does not impact the ability of an authorized user to access the content from anywhere in the world.

    Here's a look at centralized data in health care and why this approach is so advantageous for the industry. 

    Read More

    7 Things You Should Look for in PCI Audit Partners

    Comply. Compete.

    Ignore either at your peril.

    Whether it be the damages that could result from a data breach caused by lax security or the operational inefficiencies—and thus competitive disadvantages—that could be caused by cumbersome policies and procedures, your organization must mitigate risks on multiple fronts as you seek to satisfy regulators, customers, and stakeholders alike.

    Read More

    Now that TSP Section 100 is in place, what does it mean for your SOC audit?


    Effective December 15, 2018, all SOC 2 audits now need to comply with TSP Section 100—the 2017 Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.

    The new SOC 2 audit reports will focus on changes meant to address head-on the current security breach landscape, which appears to be getting worse with each incident.

    Many of these changes align with the 2013 Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control criteria already in place but feature tighter controls to thwart and mitigate cybersecurity breaches and increase flexibility in the application of controls over areas such as security and privacy. The new framework affects those service organizations which will be issuing SOC 2 and/or SOC 3 reports with reporting periods ending after December 15, 2018. Companies, who did not early adopt the new standard, will need to prepare for examinations of their controls under the new criteria, which aligns with the new COSO framework. 

    The new points of focus include:

    Security: The effectiveness of policies and procedures governing the way organizations protect themselves against unauthorized access and respond to security breaches resulting in unauthorized disclosure of information will be periodically evaluated.

    Availability: Information and systems must be available for operation and use to meet the entity’s objectives.

    Confidentiality: Information designated as confidential must be sufficiently protected from unauthorized access to meet organizational effectiveness.

    Processing Integrity: System processing should be complete, valid, accurate, timely, and authorized to meet organizational objectives.

    Privacy: Personally identifiable information must be collected, used, disclosed, and disposed of in a secure manner.

    What Are the Main Implications?

    The primary implications of these changes include positive impact on reporting clarity as a result of a defined level of transparency between service organizations and their users. Adding to the positive impact of the new framework, the detailed and thorough audits will be more satisfactory to service organization's clients and assessors. For service organizations, the revisions issued over the past 15 months represent new compliance challenges, which require additional controls, as well as additional effort preparing the system description.

    The main principles guiding the 2013 COSO Internal Control–Integrated Framework are comprehensive and are outlined here:

    Control Environment

    Your organization should demonstrate a commitment to integrity and ethical values. This starts with the board of directors ensuring oversight over management and performance of internal controls.

    Management, in turn, should work closely with the board of directors in pursuit of organizational objectives, which include the commitment to attract, develop, and retain competent staff and hold employees accountable for their internal-control responsibilities.

    Risk Assessment

    Your organization must not only identify and assess risks with sufficient clarity but also analyze those risks as a basis for how risks should be managed when they arise.

    In other words, have a well-thought-out plan of action.

    Your organization should also consider the potential for fraud in assessing risks to ensure the integrity of the process and identify changes, which could significantly affect the system of internal control―a fail-safe measure.

    Control Activities

    Your institution must select and develop control activities, which contribute to the mitigation of risk to the achievement of your goals to acceptable levels. Basically, you need to select processes for governing technology, which support your objectives, and you should deploy policies and procedures to establish expected outcomes.

    Information and Communication

    Governments and other related entities rely on information gathering to support their activities. Your organization is no different when it comes to meeting the new SOC 2 audit requirements.

    You will need to obtain and use relevant, quality information to support the functioning of internal control. In addition, it is essential to effectively communicate any information internally and externally―perhaps with third parties―regarding matters, which affect the functioning of internal control. In other words, all parties must talk to each other.

    Monitoring Activities

    Compliance is a function of how well you self-monitor your own activities. Your organization is expected to select, develop, and perform ongoing evaluations of the effectiveness of each component of internal control and its functional efficiency.

    If an internal control deficiency is identified, you are expected to communicate your findings to all parties responsible for taking corrective action, including C-suite executives, the board of directors, and other decision makers.

    As the cybersecurity landscape evolves, compliance becomes a constantly moving target, which often brings with it confusion over how to remain compliant.

    With such major changes coming your way, you may need to consider a Readiness Assessment to update your compliance program to align with TSP Section 100.

    Read More

    Protecting PII and PCI Compliance—Where the Two Intersect

    Securing sensitive customer information is paramount in ensuring compliance and protecting against data breaches.

    Read More

    Subscribe Here!