Recent posts

RISCPoint Announces Apprenticeship Program
March 8, 2021
RISCPoint is excited to announce the commencement of the RISCPoint Apprenticeship Program along with the hiring of our first apprentice, Michael Wilson. The program is designed to create value with long-term, exponential dividends for the participants, the company and the industry as a whole.

FedRAMP vs. StateRAMP: A Guide
February 26, 2021
Wondering if your organization needs StateRAMP or FedRAMP authorization...or both? You’re not alone. While the two frameworks are both modeled after the National Institute of Standards and Technology (NIST) Risk Management Framework and Special Publication 800-53, and look similar at first glance, there are some key differences that CSPs must account for, especially those actively seeking authorization. Think of them as siblings – not twins.

Decoding the Five SOC 2 Trust Services Criteria
February 15, 2021
Given the shifting security landscape, SOC 2 reports will only accelerate their role as a prerequisite for conducting business. As such, it's critical for organizations to understand the 5 categories of Trust Services Criteria, in order to determine which to include in their respective auditing processes.

Cross Platform Segregation of Duties: The Next Key Report Crisis
February 2, 2021
When the PCAOB’s Staff Audit Practice Alert No. 11 was released in 2013, it disrupted the entire audit industry, reverberating throughout public companies and the entire internal controls landscape. While nine years have already passed since Staff Audit Practice Alert No. 11 was introduced, current Segregation of Duties controls are poised to face the same level of scrutiny from the PCAOB in this decade.

How To Achieve Compliance Across Multiple Controls Frameworks
January 10, 2021
Juggling the increasing complexity and volume of compliance requirements can be a daunting task for any organization. More than ever, organizations are scrutinized by their clients through a growing list of compliance obligations, including SOC 2 Attestation Reports, ISO/IEC 27001:2013 Certification Reports, HITRUST, HIPAA, FedRAMP – the list goes on. To help your organization make these determinations, RISCPoint has developed this guide to identify the best practices in implementing a cohesive compliance framework for your organization.