So, you are trying to onboard a new customer, a customer who you have been going after for a while, a customer who can bring good fortune to the organization and then when you are almost certain that the deal is yours, they asks if you are ISO 27001 certified or not. You are not…

Why HIPAA and GDPR cannot replace each other? Its a misconception that GDPR and HIPAA can replace each other. Many companies misconstrue both the compliances. They think that HIPAA is USA, GDPR is EU and both talk about personal information. They further think that implementing one, means automatically implementing the other. Unfortunately that is not…

What is the difference between SOC2 Type 1 report and Type 2 report? A SOC report helps organizations that provide a given type of service to another organization show the effectiveness of their internal controls environment. A SOC 2 audit provides both detailed information and assurance of the service organization’s controls relevant to security, availability,…

GDPR Compliance for Mobile Apps Many mobile apps handle PII (Personally Identifiable Information), which can be as simple as person’s name, phone number and address. Or it can be as complex as their fingerprint details captured via mobile device and the app running on it. The GDPR compliance (General Data Protection Regulation) mandates that the…

While there are many companies going for or considering GDPR implementation after 25th May 2018, there are a bunch of those who are still contemplating on what to do about it. GDPR is not as easy to implement as ISO 27001 and requires a very different approach. This is especially true and gets further complicated…

To the question in title, if I was a hacker I would ask myself “why not”?. Its simple really. Hackers always go for the data which either they can use for themselves or they can sell and earn money. PHI (Personal Health Information) or the EHR (Electronic Health Records) data is that form of electronic…

While choosing ISO27001 consultant or implementation partner, usually companies do not know the basis on which they should select the right vendor. Due to lack of adequate awareness and hence as a common practice, organisations choose to select ISO27001 Consultant Company purely based on cost. Typical mistakes in implementing ISO27001 Compliance All those who are…

Cloud services offer great scalability and flexibility. However, for a company, the adoption of cloud services is challenging as it raises concerns about security. Even though being ISO 27001 certified, if a company is using or providing cloud based services, then they must see what the ISO standards for Cloud Computing have in store for…

SOC for Service Organizations reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report. Each type of SOC for Service Organizations report is designed to help service organizations meet specific user needs. Which SOC Report…

Confidentiality is the term used to describe information/data privacy which means the information is not made available or disclosed to unauthorized entities or individuals. Integrity is the term used to describe information/data accuracy and completeness throughout its lifecycle. That means that the data cannot be modified by an unauthorized entities or individuals. Availability is the…