Difference Between SOC 2 Type I and Type II Reports

What is the difference between a SOC 2 Type I report and a Type II report? A SOC report lets an organization that provides a service to other organizations demonstrate the effectiveness of its internal control environment. A SOC 2 audit provides both detailed information about, and assurance over, the service organization's controls relevant to security, availability,…

GDPR Compliance for Mobile Apps

Many mobile apps handle PII (Personally Identifiable Information), which can be as simple as a person's name, phone number and address, or as sensitive as their fingerprint data captured by the mobile device and the app running on it. The GDPR (General Data Protection Regulation) mandates that the…

Tips To Implement GDPR For SaaS Based Products

While many companies have gone for, or are considering, GDPR implementation after 25th May 2018, a number of them are still contemplating what to do about it. GDPR is not as easy to implement as ISO 27001 and requires a very different approach. This is especially true and gets further complicated…

Why Hackers Like The Healthcare Industry

To the question in the title, if I were a hacker I would ask myself "why not?". It's simple, really. Attackers go for data that they can either use themselves or sell for money. PHI (Protected Health Information) or EHR (Electronic Health Record) data is that form of electronic…

How To Select Your ISO 27001 Implementation Partner

When choosing an ISO 27001 consultant or implementation partner, companies usually do not know on what basis they should select the right vendor. Due to this lack of awareness, and hence as a common practice, organisations select an ISO 27001 consulting company purely on cost. Typical mistakes in implementing ISO 27001 compliance: all those who are…

ISO 27017 & ISO 27018 Compliance Documentation

Cloud services offer great scalability and flexibility. However, adopting cloud services is challenging for a company because it raises security concerns. Even if a company is ISO 27001 certified, if it uses or provides cloud-based services it must see what the ISO standards for cloud computing have in store for…

SOC 2 For Service Organisations

SOC for Service Organizations reports are designed to help service organizations that provide services to other entities build trust and confidence in the services performed and in the controls related to those services. Each type of SOC for Service Organizations report is designed to meet specific user needs. Which SOC Report…

Cyber Security Definitions

Confidentiality is the term used to describe information/data privacy: the information is not made available or disclosed to unauthorized entities or individuals. Integrity is the term used to describe information/data accuracy and completeness throughout its lifecycle: the data cannot be modified by unauthorized entities or individuals. Availability is the…

HIPAA Compliance for Mobile Apps

With many mobile apps handling or processing PHI (Protected Health Information), HIPAA (Health Insurance Portability and Accountability Act) compliance is becoming a mandate for such apps. This article clarifies which points should be considered to make an Android or iOS mobile application compliant with HIPAA…

FedRAMP Cyber Security Certification

Q. What is FedRAMP? A. The Federal Risk and Authorization Management Program (FedRAMP) is a US government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Q. Is FedRAMP mandatory? A. Yes, FedRAMP is mandatory for federal agency cloud deployments and service models at the low,…