SOX compliance - Specific to IT: leveraging IT best practices (e.g. COBIT framework-specific control objectives), our IT auditors apply a common-sense approach when reviewing your IT general and IT...
Cyber Security
DOL Cyber Security Audit
Best Practice Guidelines or Mandatory Requests? Although the DOL’s new guidance is labelled a “best practice”, do not be misled by the wording: now that we are over a year into these new rules,...
ISO27001 Readiness and Remediation
Many organizations lack the in-house expertise or bandwidth to manage an ISO 27001 implementation, and many find it challenging to adopt the standard while remaining mindful of...
HIPAA HITECH
With the addition of HITECH, State Attorneys General gained the ability to pursue civil and criminal enforcement of HIPAA violations. Through the Department of Health and Human Services (HHS), the...
HITRUST
How Do We Partner With You? Elevate provides security strategy, process, and implementation services to help meet your information security needs. Regarding HITRUST CSF certification, we can...
SOC 2 Compliance
The Security category (the Common Criteria) of the AICPA Trust Services Criteria must be included in every SOC 2 report; the remaining categories (Availability, Processing Integrity, Confidentiality, and Privacy) are optional additions. Common Criteria/Security - The system is protected against...
SOC 1 / SSAE 18
Any report opinion issued on or after May 1, 2017, is issued under the SSAE 18 standard. Two types of SOC 1 reports exist: Type I: Tests the design and implementation of controls as of a specified date (a point in time) Type...
SWIFT CSP V2023
The CSP focuses on three mutually reinforcing areas: Secure and Protect; Share and Prepare; Prevent and Detect. While all institutions are responsible for protecting their own environment, SWIFT’s CSP...
GLBA – Gramm-Leach-Bliley Act
GLBA Risk Assessments: When non-compliance is not an option. In October 2021, the Federal Trade Commission (“FTC”) issued its amended Standards for Safeguarding Customer Information (“Safeguards...
FedRAMP – Federal Risk and Authorization Management Program
WHO NEEDS FedRAMP? Any cloud service provider (CSP) whose offering will be used by a US federal agency needs to hold a FedRAMP Authority to Operate (ATO). Additionally, FedRAMP authorization may boost any...
ISO 9001:2015 Quality Management Systems
Consistency and quality are prerequisites for certification to this standard. ISO 9001 certification is also a valuable marketing tool, particularly for Software as a Service (SaaS) and...
DFARS Compliance
To meet the minimum requirements, DoD contractors must: (1) provide adequate security, and (2) conduct cyber incident analysis and reporting. Adequate security is provided by implementing “protective...
CCPA Compliance
CCPA Compliance and Data Privacy: The CCPA protects personal information that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked,...
CMS DE and EDE Pathway
In this article, we discuss the CMS DE and EDE Pathway. Background: Direct Enrollment (DE) permits consumers to purchase a Marketplace health plan from a source other than Healthcare.gov; however, the...
CSA STAR Certification
Criteria and Scoring: CSA STAR Certification takes a “technology-neutral” approach, building on the ISO/IEC 27001 control requirements and adding cloud-specific controls (the CSA Cloud Controls Matrix) drawn from best practices and leading standards and...
SEC and Broker Dealers
FINRA reviews a company's approaches to cybersecurity risk management, including: technology governance; system change management; risk assessments; technical controls; incident response; vendor...
CMMC Readiness
The updated CMMC 2.0 framework streamlines the original model, eliminating CMMC 1.0 Levels 2 and 4 (the “transition levels”) and creating a leaner model consisting of only 3...
FedLine Security Controls
The FedLine Solutions catalog offers four different products; while no client should ever require all four, there may be occasions where more than one product is...