[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage...

[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2...

[5 min read] Vendor Risk management is a hot topic especially when you realize that many of the most high-profile data breaches are due to vendors or...

[4 min read] Why vendors may be the biggest security risk to your organization Of the companies that experienced a data breach in 2021, over 90% of...

[3 min read] It is amazing to think about how much data we all create these days. With so many employees working remotely, and the rise in the number...

[4 min read] Data ownership is a complicated topic, much more complicated than most might think. We often talk about data security in possessive...

[5 min read] And who has access to it? When I talk to CEOs and security professionals about data security, the one question that continually trips...

[5 min read] If you are involved with, or interested in, the data security world then no doubt you have heard many definitions of integrated risk...

[4 min read] Security standards, reports, and certifications are becoming essential for vendors and technology firms. Certifications, such as SOC 2,...

[4 min read] Risk management is not well understood. Often there is confusion between risk management and risk assessment, and added to that...

[4 min read] I had not heard the term “Mission Corp” until earlier this year.  It came up when I was interviewing someone for a role at Ostendio and,...

[3 min read] This blog is the last in a series from the National Cybersecurity Alliance in support of Cybersecurity Awareness Month 2021. Ostendio is...

[2 min read] Ostendio is proud to be a 2021 Cybersecurity Awareness Month Champion. This blog is part of a series from the National Cybersecurity...

[3 min read] Ostendio is proud to be a  2021 Cybersecurity Awareness Month Champion. This blog is part of a series from the National Cybersecurity...

[4 min read] Every October we raise awareness about Cybersecurity together with the National Cybersecurity Alliance. Their series of blog posts for...

[4 min read] We all know how hectic the life of a CISO can be regardless of the size of business they support or the industry they are involved in. ...

[4 min read] When it comes to managing risk, companies often overlook their vendors. But Vendor Risk Management should be an integral element of any...

[4 min read] We are at a turning point as companies are deciding what to do about returning to the office after the pandemic. As many schools prepare...

[4 min read] Late last year we wrote a blog that looked at Risk Management and Data Security and suggested what you might do differently as we headed...

[4 min read] There’s one thing that you can count on in the news right now and that’s another report of a data breach or ransomware attack. They seem...

[4 min read] Have you ever wished you could run a marathon?  I have run a few and I can tell you it is hard work and takes a lot of training just to...

[3 min read] Many organizations know that they need to operate in line with HIPAA to protect sensitive data but they have also heard about HITRUST...

[4 min read] I have learned over my time working in the cybersecurity space that for many people and business leaders there is a lot of confusion...

[4 min read] Security Audits can improve your organizational efficiency and data security When it comes to conducting audits there are multiple...

[4 min read] Daunting. That’s the word we hear the most from customers when it comes to thinking about completing a security audit. Time, money and...

[5 min read] Customers see a lot of confusing terms when they are looking at building a security program.  Terms such as “regulatory compliance”,...

[4 min read] We talked previously about the type of cybersecurity and risk management challenges to expect in 2021, but the trends driving these...

[4 min read] SOC reports simplified with our top 10 questions and answers One of the most popular frameworks we get questions about is the SOC 2...

[4 min read] 5 Key features you need that a traditional GRC provider doesn’t offer When we talk to customers, prospects and even audit partners, they...

[4 min read] Hint Health is a technology enabled Direct Primary Care (DPC) solutions company that partners with visionary provider organizations to...

[5 min read] There is much confusion around Vendor Risk Management (VRM), what it is and how to handle it properly for all sizes of business. Too...

[4 min read] If you come from the tech-centric world of Tesla and Apple and enter the world of dental labs where orders are sent by paper, phone or...

[4 min read] The role of information technology has infiltrated the day to day mechanics of all industries, especially healthcare. Information...

[4 min read] A recent article in SecureWorld “Lessons from 2020, and what to expect in 2021: An evolutionary time in cyber and privacy” looks back at...

[5 min read] The data breach involving FireEye and SolarWinds was shocking. As the leader of a cybersecurity platform company, a significant breach...

[5 min read] 2020 was undoubtedly a shock to the system, shaking up everyone’s personal and business life. At Ostendio we transitioned quickly to a...

Are you feeling a little overwhelmed at the thought of a security audit? Have you heard the SOC 2 name mentioned in meetings but don’t understand...

The election news cycle is in full swing as we near the big day on November 3rd. Regardless of how you vote, at Ostendio we encourage all employees...

Many larger companies, and some medium sized companies, have a focused CISO with a great IT team who have all worked hard to establish a data...

Thinking about cybersecurity is a full time, 365 day-a-year job at Ostendio but for many it comes to mind most during October when the National...

If you’ve recently built a data security and risk management program and passed a security audit, you’ve accomplished more than many organizations. ...

The first step in any process is often the hardest. Realizing that you need to take action is just the beginning, deciding what action to take is...

As a CISO, you’ve spent time deciding on the best platform to suit your data security and risk management needs and you are ready for the...

When it is time to prepare for your first audit you might be filled with dread.  How are you going to get through the audit? Will your employees or...

It feels great to get to the point where you have built a cybersecurity program for your business. As a CISO you got the executive buy-in, everyone...

Even before the COVID-19 pandemic took hold, too many organizations were not looking at a broad enough approach to cybersecurity as they evaluated...

We might not be surprised when we read about another data breach but it does turn heads when it is a well-known brand like Twitter.  Recent reports...

The typical company significantly under invests in cyber security, a situation that is likely to be exacerbated as companies look to cut expenses...

Security and Risk Management can be complicated. Predicting what might happen to your business and preparing to protect and mitigate against those...

We have learnt a lot in the last year since we launched the successful MyVCM CrossWalk Assessment feature, an addition to the industry leading ...

The California Consumer Privacy Act (CCPA) went into effect on January 1st 2020 but there are stages to its enforcement and we are about to hit...

It is hard to believe it has been a year since we launched MyVCM CrossWalk Assessments. This new feature radically changed the way companies...

Security certifications are a must for vendors and technology firms. Many organizations choose SOC 2 as a way of demonstrating effective risk...

CIOs have mostly ridden out the remote work surge caused by COVID-19.  The employees who can work remotely are now safely settled in their home...

May 2020 marks the second year that GDPR has been in effect and we have already seen some significant fines totalling over $126 million.  Google has...

How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report...

During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency.  While...

We are all getting used to our new “normal” but many businesses, both big and small, have been caught off-guard by the COVID-19 crisis. Having to...

As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute...

From the recently announced privacy issues being investigated by the New York Attorney General at Zoom, all the way back to the Zenefits scandal in...

If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work.  At present, 1...

Vendor Risk Management is a hot topic at the moment and for good reason.  A recent study by the Ponemon Institute showed 59% of companies have...

If you missed our recent webinar “Re-thinking Vendor Risk Management” you can listen to it free and on-demand here.  In the webinar we talked about...

What do you need to know about HIPAA in 2020? This year, the changes are not so much about HIPAA itself, but about things that directly affect how...

When we talk to customers, prospects and even audit partners, they are often overwhelmed with the choices they have for GRC tools.  There is a lot of...

The start of a decade is always an exciting time. When you think about how technology has changed in the last 10 years you can only imagine what...

2019 was an incredible year of growth for Ostendio.  We continue to ramp up our business while working hard every day to deliver on our promises to...

Webinars are some of our most popular content on the Ostendio web site. Across 2019 we hosted a series of webinars that combined best practices and...

We’ve had an incredible year of growth at Ostendio and, as our company has grown, so has our blog readership.  At the end of every year, we revisit...

We are all used to doing regular fire drills at the office or at school, and we accept the benefits of having defined roles and responsibilities...

It’s easy to make mistakes.  We’ve all done it. Maybe you’ve put the milk in the cupboard and the cereal in the fridge this morning! These things...

Today we announced an exciting new addition to the Ostendio MyVCM platform - MyVCM Auditor Connect. You can read the press release here, but I...

There is no single industry with greater sensitivity to data breaches than healthcare. But unfortunately, breaches across healthcare companies,...

Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a...

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re...

If you’re a company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that thought. When...

You’ve likely heard about organizations having a culture of compliance but not as much about having a culture of cybersecurity. Yet as threats to our...

Data breaches aren’t just a problem for security professionals. The impact is felt across the whole business—from your legal team, embroiled in...

Did you know that small to medium-sized businesses (SMBs) may have a higher cybersecurity risk than larger counterparts when you consider...

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t.  Just skim the daily headlines...

With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be...

When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things...

It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no...

It’s an all-too- common misunderstanding, but a robust information security program doesn’t mean you’re in compliance with whatever regulations...

As we wrap up 2017, the number of healthcare data breaches are up over 2016, with 41% caused by “insiders” per the Protenus Breach Barometer mid-year...

As we wrap up Cybersecurity Awareness Month, keep in mind that cybercriminals are indiscriminate in who they attack. Large business, small business,...

As America gears up for hot dogs, fireworks and celebrating with friends and family, keep in mind these five security tips to help protect your...

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...

In the last few months we have seen a spike in cybercrime with a series of ransomware attacks in the healthcare industry. Hospitals, from California...

GUEST BLOG: Our guest blog post  this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information...

A recent Healthcare IT News article revealed that 95% of FDA approved mobile health apps lack important technical protection layers. That means our...