Today we announced an exciting new addition to the Ostendio MyVCM platform - MyVCM Auditor Connect. You can read the press release here, but I thought it made sense to share some more context and insight here on our blog.  My VCM Auditor Connect is something we have been working on for several ...

There is no single industry with greater sensitivity to data breaches than healthcare. But unfortunately, breaches across healthcare companies, including providers, vendors and business partners, are on the rise. Our friends at Protenus do a great job of tracking and analyzing the universe of data ...

Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

Recent news that PwC (PricewaterhouseCoopers LLP) has agreed to pay US$7.9 million in fines to settle U.S. Securities and Exchange Commission charges it violated auditor independence rules and engaged in improper professional conduct should be a wake up call for anyone hiring an audit firm.  ...

When you begin planning for a SOC 2 audit, one of the first big decisions is choosing an external audit firm. You want a firm who can help you navigate the process properly and efficiently the first time, and also be capable of serving as a partner through several annual audit cycles.  

As many companies - and their vendors - are moving data to the cloud, there are often concerns about the security of their sensitive information. In past blogs we’ve talked about the SOC 2 audit process but what is the ROI and the benefit for your business? Remember an external audit ensures that ...

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that helps organizations navigate the security and compliance maze.  Right now they are rolling out the ‘Security & Privacy Capability Maturity Model’ ...

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re here to help! Some concepts have been around for years, but many are gaining traction right now due to high-profile data breaches, advances in cyber ...

A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are the basic elements of security. This includes security on organizational controls, access controls, basic risk assessment, as well as the ability to ...

HITRUST Certification is growing in popularity. What started as a framework for the healthcare industry has now expanded to include other regulated industries. Continual changes to cybersecurity, cloud technology, regulations, and other factors can make the road to achieving HITRUST Certification ...

A Systems and Organizational Controls (SOC) report provides guidance on standards that should be used for operational and technological business risks. There are 3 different SOC reports and they can be applied to virtually any industry or business sector. In the past, SOC reports were focused on ...

The news of the Capital One breach rocked the banking industry this week.  It is significant because it wasn’t a virus or an outside hacker but allegedly a previous employee of a Capital One vendor who gained access to over 10 million customer records. Surprisingly to some, the percent of breaches ...

One of the biggest news items this week in the world of security is the Equifax settlement with the FTC. The Equifax data breach was one of the biggest ever reported, affecting over 150 million customers. Equifax was accused of failing to fix a patch to its network that resulted in the breach. As a ...