Healthcare Assessments | HIPAA
By:
Michael Seegel
February 18th, 2025
Being HIPAA-compliant means that a healthcare provider has adequate measures in place to protect patient data. In recent years, there has been an alarming growth in the number of data breaches targeting the healthcare industry, and more breaches have meant more (and more serious) consequences for the affected provider.
By:
Austin Bentley
February 14th, 2025
Web applications grow and evolve each year. There’s always a new feature, a new API, and a new way of doing things. These constant changes may introduce some form of vulnerability, which is not ideal when web applications often sit on your external network. This makes web applications an ideal vector for an attacker to migrate into your internal network or compromise customers. Therefore, any web application test deserves an adequate level of thoroughness and attention. Below, we’ve provided a list of questions you should consider asking prospective pen test providers to ensure the most effective web application pen test experience.
By:
Schellman
February 11th, 2025
TAMPA, Fla. – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is proud to announce the appointment of Preeya Voss as its new Chief Revenue Officer. Voss brings nearly two decades of experience in SaaS and services revenue leadership, with a proven track record of driving transformative growth across diverse industries and customer segments.
Education | Artificial Intelligence
By:
Jerrad Bartczak
February 10th, 2025
*Disclaimer: This article was written using a translated copy of the South Korea AI Basic Act*
After the European Union paved the way for creating a legal framework for artificial intelligence (AI) in early 2024, many wondered which government or jurisdiction would follow. The year continued with discussions on how to best implement AI governance and debates on where the line stands between sufficient governance and proper opportunity for creativity in the technology industry. Fast forward a couple of months: as the world prepared to welcome in the new year, those questions were finally answered. In late December 2024, South Korea stepped forward, proposing its own legislation regarding AI. By January 21, 2025, it became the second entity to propose AI regulation with the passing of the AI Basic Act. To address the obvious next question of when these regulations will be enforced, the enforcement date stands as January 22, 2026, giving organizations roughly a year to prepare. It’s also worth noting that this act contains six sections with 43 articles, and we've outlined the key points below.
By:
Austin Bentley
February 7th, 2025
When people hear of an upcoming pen test, they most commonly think of network testing. These tests can be focused against your external network (i.e. network perimeter) or your internal network (cloud environment and/or on-premises network). As these networks typically change year to year with new devices, cloud migrations, on-premises migrations, and firewall migrations, periodic testing may be necessary. This can leave you wondering how to find the right pen test provider to ensure your organization's network security posture is thoroughly assessed.
SOC Examinations | Audit Readiness | SOC 2
By:
Hunter Meacham
February 4th, 2025
Opting for a readiness assessment ahead of your SOC 2 examination is—while optional—a beneficial extra step when seeking compliance. Do you remember taking a practice test while preparing for an exam in school? Such a move could never hurt your chances of success. That being said, there are some things you should understand ahead of your readiness assessment that can help demystify your experience.
By:
Matt Crane
January 31st, 2025
The PCI Security Standards Council (PCI SSC) has announced significant updates impacting e-commerce merchants currently collecting payments via an iFrame or redirect. The new guidance brings notable changes to the PCI DSS compliance process for merchants who are eligible to complete the Self-Assessment Questionnaire (SAQ) A.
By:
Austin Bentley
January 28th, 2025
You think you’re close to picking the right team. Your goals align, and you think the team is of sufficient quality. But, there’s one aspect that can be easily overlooked – yet it may ultimately determine whether the exercise was worth conducting.