Building out a security and compliance program can be daunting, especially if you’re working towards multiple frameworks. For this reason, many organizations turn to GRC platforms to create and organize policies and procedures, manage and mitigate risk, compile evidence, and collaborate with an ...

Q&A with an Ostendio HITRUST practitioner As busy security professionals, CISOs can feel overwhelmed by the growing number of certifications, frameworks, and regulations they must keep track of. Adding HITRUST certification to the mix can be a daunting task, but it doesn’t have to be. HITRUST ...

It’s almost time for one of the biggest events of the year on the healthcare information technology conference calendar - HIMSS 2023. This year HIMSS takes place in Chicago from April 17-21, and with over 40,000 attendees, you want to plan to make the best use of your time.  As a busy CISO, you ...

Reviewing the needs of your data security and compliance program This is a question we hear a lot at Ostendio. “Which SOC report do I need?”  Clients are often familiar with SOC  (Systems and Organizational Controls) reports and the benefits to their organization of being able to demonstrate their ...

Calculating the return on your security and compliance platform Security and compliance teams are no strangers to fumbling through compliance spreadsheets, answering endless back-and-forth emails, and incessantly reminding employees to complete overdue training. As a result, the industry has seen a ...

There’s no shortage of cybersecurity predictions for 2023. Whether you read lists from Security Magazine or Venture Beat with Google’s top 6 predictions or SCMedia’s 2023 Threat Predictions with concern over the economy leading to less secure organizations, there are always different perspectives. ...

The new year is a perfect time to get organized with your data security and compliance management planning for the year ahead. As a busy CISO, it can feel overwhelming to balance the number of activities that need to be completed against the pressure to get the most done on a tight security budget. ...

The SOC 2 audit has become one of the most common security frameworks in the U.S. And if you’re looking for resources on where to start or how to select an auditor, you’re in luck.

[3 min read] Winning awards is exciting, but it means so much more when it comes from our clients. We are starting 2023 with four G2Winter Report badges recognizing the work of the fantastic Ostendio team including High Performer badges in three categories.

[4 min read] There are many legal and ethical responsibilities held by CISOs and executive teams,  but recently, individual data security responsibilities have been brought into the spotlight. Drizly, an online ordering and delivery platform for alcoholic drinks, settled a complaint with the FTC ...

[6 min read] We sat down with Gila Pyke, Director of Professional Services, Client Success, and Implementation at Ostendio, one of our 4 CSF HITRUST Readiness experts for a behind-the-scenes look at what’s involved in preparing for and passing a complex audit like HITRUST. 

[4 min read] Among the myriad of challenges facing the modern CISO lies the consistent need to improve data security by selecting the security framework that aligns best with your industry and organization. There’s growing pressure to ensure your organization has the right controls and security in ...

[3 min read] Our industry has evolved.  With more than 80% of security breaches caused by human error,  traditional GRC tools are no longer enough for today’s modern, complex business environments.

[4 min read] Advice from an experienced facilitator of Incident Response and Business Continuity Tabletop Exercises Companies of all sizes, in many industries, have a common challenge - cybersecurity and how to protect their sensitive data. Organizations that store PII (Personally Identifiable ...

[4 min read] Updated for 2022 -  Includes 11 Tips for Building your Incident Response Team As the rate of data breaches is on the rise it is no surprise that more companies are building an incident response team so their organization can act faster and more effectively when there is a cyber attack. ...