The collection and evaluation of audit evidence plays an important role in assessing an organization’s compliance with established standards. The American Institute of Certified Public Accountants (AICPA) serves as a guiding force, establishing methods that auditors should use to carry out their duties effectively. As auditors start their examination, they first collect and analyze various types of audit evidence, each serving as a piece of the puzzle that forms the auditor’s report.

The Texas Data Privacy and Security Act (TDPSA) was enacted on June 18, 2023, making Texas the tenth U.S. state to authorize a comprehensive privacy law that protects resident consumers. The TDPSA borrows many statutes from other state privacy laws, mainly the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act (CCPA).

For startups looking to win business and build trust with potential clients, a robust security program and effective response to security questionnaires are essential. Whether you’re new to security questionnaires or just need a refresher, we have you covered. With that, let’s get started.

The Cybersecurity Maturity Model Certification (CMMC) is a US Department of Defense (DoD) certification framework that aims to protect sensitive information handled by Defense Industrial Base (DIB) contractors by establishing a set of cybersecurity standards and best practices to follow. DIB partners often handle critical DoD information and other government data to operate, which typically has various levels of sensitivity and classification.

Security compliance programs help your organization identify, implement, and maintain appropriate security controls to protect sensitive data, comply with laws and contractual obligations, and adhere to the standards, regulatory requirements, and frameworks needed to protect customers and enable the business to succeed. ‍ In other words, with a security compliance program in place, companies are able to demonstrate that they meet designated security requirements and objectives.

If you are using Microsoft 365 (M365) or SharePoint and need to comply with or learn more about US export control requirements, read our 6 W’s of ITAR and EAR Compliance to help you comply with these strict U.S. regulations.

The increasing number and sophistication of data breaches has led to increased concern among boards, regulators, and the public about threats to the data environment. That, in turn, has led to a desire for constant data protection – and a rise in the importance of continuous compliance monitoring to be sure that those data protection efforts are always sufficient and working.

As the industry’s first automated compliance platform, Vanta includes a wealth of pre-built content, which enables customers without existing compliance processes to quickly get up and running. ‍ But more mature organizations may already have a compliance program — from the processes they follow to the definitions of their compliance and security surface area — that is built to meet their unique compliance goals, auditor requirements, and tech stack.

TrustCloud teamed up with Dansa D’Arata Soucia on our Risk Rodeo webinar, to discuss everything you need to know to wrangle up risks with confidence. Our panelists weighed in on the four things that auditors look for in risk management processes.