With increased scrutiny and regulations surrounding cybersecurity, it's a topic that is “talk of the industry.” Developed by the American Institute of Certified Public Accountants (AICPA), the SOC [...]

A cybersecurity plan helps protect organizations from potential vulnerabilities. A vulnerability can be a data breach, phishing attack or another form of system exposure. It’s important to [...]

Strong information security is crucial to safeguarding your organization and customer data. Information security always keeps confidentiality, integrity and availability at the core. This means [...]

When you outsource to a third party, cybersecurity risk is a huge possibility. The confidentiality of your organization’s and customer’s data is on the verge of being exposed daily as your third [...]

Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and rely on the user entity (you) to [...]

In today’s tech environment, it’s common to outsource a product or service to a vendor who specializes in that area. Typically, it makes the most economical sense for a business, too. But what [...]

If you’re a regulated organization, you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high risk vendors.  

Unfortunately, a reality that we’re living in is that it’s likely that a breach will happen at some point. So, it’s important to prevent and be prepared.

A few years ago, the New York Department of Financial Services (NYDFS) released survey results giving us more insight regarding many bank’s cybersecurity preparedness. The NYDFS surveyed 40 [...]

A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]

Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]

With the increase in cybersecurity breaches, it’s critical to monitor and fully understand your vendor’s information security posture in order to protect the company from unnecessary risk. There [...]

The purpose for the creation of the SSAE 18, in May 2017, was to clarify the auditing standards and to reduce duplication within similar standards covering examinations, reviews and agreed-upon [...]

Business continuity planning allows for businesses to ensure that their key operations, products and services continue to be delivered either in full or at a predetermined level of availability. [...]

A few weeks ago, on April 24, 2018, the Securities and Exchange Commission (SEC) fined Altaba, Inc., aka Yahoo, $35 million for a massive data breach that impacted around 50 million users in 2014. 

We know your organization is more than likely investing in their cybersecurity program to take precautions and prevent unnecessary breaches, but are your third and fourth party vendors?

It’s [...]

As part of your vendor due diligence, you should be spending time on cybersecurity. To help you out, I've got 10 tips

October being National Cybersecurity Awareness Month reminds us to take a look at vendor cybersecurity.