Determining what certification your organization should pursue can be a challenge, it’s important to know what standard will best suit your organization and why. ISO 27001 and SOC 2 are top choices to be able to prove that your organization is cyber resilient, but which one is best and why? SOC 2 and ISO 27001 […]
ISO 27001 vs SOC 2: 6 Key Differences Explained Read More »
The road to HITRUST can be confusing for many, but it’s a worthwhile journey. The HITRUST Alliance provides a wealth of materials outlining what certification means and how to achieve it. If you’re considering HITRUST certification, I’d highly recommend that you pursue those materials. Eventually, you’ll need to. In this article, I’ll help you understand
HITRUST i1 vs r2 vs bC: Comparing Costs, Benefits & Process Read More »
Navigating HIPAA compliance and HITRUST certification can be difficult. Numerous solutions purport to provide one certification or the other, but what does that mean for you and your business? In this article, we’ll cover what HIPAA and HITRUST are, what HITRUST certification and HIPAA compliance mean under each standard, and how each benefits the healthcare
HIPAA vs HITRUST in 5 Key Differences: Cost, Benefit, & Process Read More »
A PCI Gap Assessment can be a valuable resource for your organization as you first begin your journey on PCI (before your first assessment) or while transitioning between PCI DSS versions (from version 3.2.1 to 4.0). The PCI Gap Assessment will help you understand where you are and tell you where you need to go.
Is a PCI Gap Assessment Worth It? 5 Key Questions to Ask Read More »
If you are a small or medium-sized business, you are most likely applicable to a PCI Self-Assessment Questionnaire (PCI SAQ). SAQs are a slimmed-down version of the PCI Report on Compliance (ROC). Depending on your PCI Level, which is determined by the number of transactions you process on an annual basis, a SAQ may be
How to Choose the Right PCI SAQ & Reduce Requirements Read More »
There are two kinds of PCI assessors: Qualified Security Assessors (QSAs) and Internal Security Assessors (ISAs). This article will focus on the former. QSAs are certified by the PCI Security Standards Council (SSC) to perform PCI assessments for other companies through consulting. A QSA has not only the knowledge to perform PCI assessments but also
PCI Qualified Security Assessors: A Buyer’s Guide Read More »
Attaining PCI certification for an organization, for the first time, is not a small undertaking, whatever path you take. But PCI compliance is one of the most impactful things you can do to better protect your card data and ultimately your business. PCI compliance helps you to secure your environment, benchmark standards, and serves as
How Long Does it Take to Get PCI Certified? Read More »
PCI DSS 4.0 is the latest release of the PCI Data Security Standards since Version 3.2.1 on May 17, 2018. Version 4.0 was released in Q2 of 2022 and has been updated to continue the effort and focus on securing cardholder data and the current (and future) state of the payment industry, while also promoting
PCI DSS 4.0: How-To Guide for Compliance Teams Read More »
The payment Card Industry (PCI) is a set of requirements that organizations are required to be audited against to accept, process, or store any payment card information. This standard is designed to help the brand label cards (AMEX, Discovery, Visa, etc.) reduce fraud risk through the loss or compromise of credit cards. As part of
PCI Compliance Logging Requirements & How to Meet Them Read More »
Payment card information (PCI) processed by a business’ call center must address several key areas to meet PCI compliance: identifying PCI in the call center environments, implementing PCI DSS compliance requirements, and outsourcing versus not outsourcing. If a business chooses to retain its call center function, all applicable requirements of the current PCI DSS at
PCI Compliance for Call Centers: A No Nonsense Guide Read More »
