Blog
Page 35 of 153
What is an Internal Audit?
Internal audits are an exercise that an organization undertakes to understand how well the organization is managing the risks that confront it. The audit examines a certain risk facing the organization — say, the risk of erroneous financial reporting, or the risk of weak cybersecurity procedures — and tests the organization’s internal controls to keep […]
Tags: Audit Management
October 31, 2023
The Fine Art of Scoping a SOC 2 Audit
Once upon a time, performing a SOC 2 audit was a rite of passage for service companies: “Wow, we’re so successful now that big clients want us to do important things, and we need a SOC 2 audit to prove our street cred!” Times have changed. In today’s cybersecurity world, the SOC (Systems and Organizations […]
Tags: Audit Management, SOC
What is the SOC 2 Common Criteria List?
The SOC 2 Common Criteria List refers to the set of criteria and principles that service organizations must adhere to and demonstrate compliance with in order to achieve SOC 2 (System and Organization Controls for Service Organizations 2) certification. These criteria are established by the American Institute of Certified Public Accountants (AICPA) and are focused […]
What is Evidence Collection in Compliance?
Evidence collection is the act of documenting an organization’s compliance processes and outcomes. Evidence collection is one of the best methods an organization can use to demonstrate that it is taking compliance seriously. An organization will likely encounter several challenges when it sets out to collect evidence and build an evidence-collection process. Evidence collection is […]
Tags: Audit Management
How to Keep Your HIPAA Compliance Efforts Up to Date
Everyone in the data privacy world has heard of HIPAA, and the term is often used to explain how, when, and why protected health information is protected from release to second and third parties. But HIPAA — which stands for the Health Insurance Portability and Accountability Act — has changed several times since it was […]
What Are the PCI Audit Requirements?
If your organization is mandated to pass an on-site audit and submit a Report on Compliance under the Payment Card Industry Data Security Standard (PCI DSS), there are certain requirements to which you must adhere to be an approved scanning vendor. You must either: Hire a Qualified Security Assessor certified by the PCI Security Standards […]
Tags: Compliance, PCI
How Frequently Should You Audit for SOC 2?
After your first System and Organization Controls for Service Organizations 2 (SOC 2) report, you’ll most likely want to follow up every year with a new audit and report. But you can have them done more often. And in some cases, you probably should. First, however, it’s important to determine which kind of SOC audit […]
Tags: Audit Management, SOC
What Is a SOC 2 Audit?
A System and Organization Controls for Service Organizations 2 (SOC 2) audit assesses how well a service provider’s internal controls and practices safeguard customer data’s privacy and security. Service providers include those providing Software-as-a-Service (SaaS) or cloud computing services, as well as other professional services such as consulting that are routinely provided by third-party vendors. […]
Tags: Audit Management, SOC
What are Internal Controls for Cash?
When determining your organization’s risk management and security policies, establishing internal controls is a crucial part of the process. Internal control procedures help protect your organization from financial, strategic, and reputational risks. Controls serve as a check-up to ensure your business runs effectively and efficiently. Internal controls relating to finance help your organization maintain […]
What is HIPAA Compliance?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires healthcare organizations to protect sensitive patient health information or Protected Health Information (PHI). HIPAA establishes standards for the privacy and security of electronic Protected Health Information (ePHI). The primary goal of HIPAA is to safeguard medical records and individually […]