Choosing the Right SOC 2 Path for Your Organization
At a high level, the difference between a SOC 2 Type I and Type II comes down to design vs. performance. A Type I report is a point-in-time snapshot, showing
You completed a security assessment. The findings report was shared. Your assessor identified vulnerabilities, ranked them by severity, and has given you a prioritized list of what needs to be
Drummond Group, LLC, and Hicomply Ltd. today announced a partnership that gives Hicomply customers access to independent compliance audit and security assessment services. Organizations that have built and managed their
Not long ago, most organizations outside of financial services and healthcare could treat penetration testing as optional. That has changed. The forces pushing organizations toward pen testing in 2026 are
The compliance community has been paying close attention to a recent article detailing allegations that a platform offering a fast, low-cost path to SOC 2 and HIPAA readiness may have
Vulnerability scanning is not optional for regulated organizations. If you are subject to PCI DSS, HIPAA, or SOC 2, regular scanning is a baseline requirement. The real question is whether
Researchers at mobile security firm Oversecured scanned ten Android mental health apps with a combined 14.7 million downloads on Google Play. What they found should make any HIT developer uncomfortable:
Two companies. Same industry. Same regulatory requirements. Both conduct penetration testing. One does it when an auditor requires it. The other does it every year, as part of their internal
What Is NIST 800-53 and Why Are Financial Institutions Using It?
NIST Special Publication 800-53 is a catalog of security and privacy controls published by the National Institute of Standards