compliance Archives - risk3sixty

HITRUST: Single Framework Strategy

Many organizations are in search of ways to streamline their compliance efforts. See how the HITRUST CSF can enable a “Single Framework Strategy” that simplifies security and compliance programs. Challenges [...]

By Michael Carroll|2022-01-25T20:07:57+00:00January 25th, 2022|HITRUST|0 Comments

How risk3sixty Uses SOC 2 to Demonstrate HIPAA Compliance

The AICPA-designated SOC 2 framework is used to express an opinion on controls over security, privacy, availability, confidentiality, and processing integrity for many different systems, organizations, and environments. In addition [...]

By Yousef Ali|2021-07-13T16:39:33+00:00July 13th, 2021|SOC Reporting|0 Comments

A GRC Tool is Not a GRC Program

A GRC tool can provide many benefits to your GRC program, as we’ve discussed before. However, before you go chasing shiny objects, you must understand what a GRC program is [...]

By Kendall Morris|2022-06-28T15:24:41+00:00June 14th, 2021|Cyber Risk Management|0 Comments

How to Provide Audit Evidence

So, you’ve been tasked with providing evidence for an audit. You may be wondering what your auditor is even looking for. Let’s take a look behind the scenes at why [...]

By Kendall Morris|2022-10-05T13:10:59+00:00June 1st, 2021|IT Audit and Compliance|0 Comments

4 Benefits of a GRC Tool

A GRC tool can help an organization manage its governance, risk, and compliance program. But why use a GRC tool instead of managing your GRC program manually? GRC tools can [...]

By Kendall Morris|2022-06-28T15:22:01+00:00May 3rd, 2021|Cyber Risk Management|0 Comments

The Virginia Consumer Data Privacy Act is Law: What Now?

Virginia’s Consumer Data Privacy Act (“VCDPA” or “the Act”) is the newest state privacy law in the U.S. In this blog, we will examine who is subject to the Act [...]

By Philip Brudney|2021-03-17T17:07:49+00:00March 17th, 2021|Privacy Compliance|0 Comments

How to Scope & Segment Your PCI Environment

How should a company think about PCI Scope and Segmentation? For companies looking to identify and reduce the scope of their PCI environment, through network segmentation, it is necessary to [...]

By Christian White|2021-03-01T17:36:02+00:00March 1st, 2021|PCI DSS|0 Comments

How to Read a SOC 2 System Description

In this blog, we’ll dive into one of the most important parts of a SOC 2 report, the SOC 2 System Description! During your due diligence process, a vendor sends [...]

By Kendall Morris|2021-01-27T21:22:32+00:00January 25th, 2021|SOC Reporting|0 Comments

Maintaining A Compliant Business Continuity Environment

Do your business continuity plans account for your company’s compliance and regulatory requirements? For many, the answer to that question is “no”. An unfortunate reality encountered by companies across the [...]

By Glenn Chamberlain|2020-11-23T17:17:58+00:00November 23rd, 2020|Regulatory Compliance|0 Comments

Managing Ongoing PCI DSS Compliance

Maintain Compliance From our experience working with high-growth technology companies subject to a myriad of compliance obligations, maintaining security and privacy compliance initiatives throughout the year is a prominent challenge [...]

By Christian White|2020-11-16T16:53:22+00:00November 16th, 2020|PCI DSS|0 Comments

12 Next