All Articles

Digital Edge just guided a NASDAQ listed technology firm to SOC 2 Type 1 compliance. This client told us in late November 2021 that it was crucial that they get their SOC 2 certification letter by the end of January 2022. This did not leave us with much time to get their house in order, but they had important customers requiring SOC 2 compliance in order to continue doing business with our client.

Why HITRUST?  

HITRUST develops risk and compliance management frameworks, assessment, and assurance methodologies, maintains them, and provides access to them, being in collaboration with the leaders of information security and risk management, both from the public and private sectors. HITRUST aims to fill the gaps still not addressed by some regulations.

HITRUST Common Security Framework addresses security, privacy, and regulatory challenges organizations face. HITRUST includes and cross-references numerous globally recognized standards, follows a risk-based approach, and creates the options for a well-orchestrated unified method of managing data protection compliance. This makes HITRUST highly beneficial for those organizations seeking to safeguard the data, but this also makes HITRUST not easily implementable for those businesses that still require staff training and bringing all the processes to higher standards to implement HITRUST. Digital Edge is the right partner in achieving this goal.

Why OSPAR? 

Financial institutions rely heavily on outsourced service providers (OSPs) to assist with key business objectives.  

As financial institutions are ultimately responsible for the service provided to their customers, OSPs must comply with the standards and controls accepted within the financial industry.  

The Association of Banks in Singapore has established the Guidelines on Control Objectives and Procedures for all OSPs desiring to work with the numerous financial institutions in Singapore. To demonstrate your organization’s ability to meet these guidelines, an Outsourced Service Provider Audit Report (OSPAR) attestation is mandatory. Without an OSPAR attestation, your organization will not be able to provide services to the rapidly growing number of financial institutions in Singapore.  

Digital Edge will ensure that your organization will receive an OSPAR attestation as proof that it has implemented adequate cybersecurity safeguards to maintain the governance and consistency required. With OSPAR, your company will be ready to conduct business, and guarantee the security of your client’s critical information.

We are a leading IT company and AWS Partner which is headquartered in New York, yet staffed globally. Indeed, even prior to the disruption brought on by the Covid pandemic, we had a decentralized organization where the talent we sourced was more important to us than where our talent was sourced. With this as a guiding principle, we as many other IT firms tended to have substantial staff located in Ukraine.

It all worked great for many years as a win-win-win for our Ukrainian staff, which was happy to be employed by a US firm (and to be paid in US dollars); for our clients which were happy with a work product that exceeded expectations; and for Digital Edge, which was happy to have happy clients (and to be paying competitive, albeit steadily, rising compensation in US dollars).

The big IT problem facing many companies today is the recent explosive growth in privacy and cybersecurity laws they must comply with.

Cybernews met with Michael Petrov to talk about the importance and benefits of properly implemented cybersecurity management systems.

Digital Edge is proud to announce that one of our strategic cybersecurity advisors, Aleksandr Kondratiuk, has successfully received the ISO-27001 Lead Auditor certification! The certification exhibits our team's ongoing commitment to assist our clients better and grow our professional skills.

Digital Edge is proud to announce that we successfully assisted and obtained an OSPAR certification for one of our FinTech clients. 

What is OSPAR? OSPAR (Outsourced Service Providers Audit Report) is a report that can only be issued by one out of 5 accredited auditors. It is a critical pre-requisite for the 3rd party vendors, to demonstrate their adherence to stringent guidelines & best practices if they wish to conduct business in Singapore.  

Usually my blog posts are focused on the arguably mundane practices of cybersecurity governance. Today, though, I would like to get into something a bit spicier. Right now, as I write this, Russia has about 90,000 troops amassed at the Ukrainian border, and China has been harassing Taiwanese airspace for months. Some kind of aggressive action, possibly cyber-related, seems very possibly forthcoming; and with it, likely a response in kind.
 
It’s a known fact that Russia, China, North Korea, Iran and others engage in regular cyber attacks against the other countries including the US. We see this all the time. What I think is unclear to most people are the rules governing the responses to such attacks. Below I discuss a broad overview of how cyber attacks are handled by governments around the world.
 
First off, you should know that the international law around the rights self defense of a state actor is extremely murky and highly disorganized. Furthermore, different countries disagree on the interpretation of laws that exist. That being said, there are some general rules that are followed by responsible governments.

One regulation we help clients with is the New York State DFS 23 NYCRR Part 500 compliance.
 
Who does DFS regulate?

According to its website: “DFS is the primary regulator for all state-licensed and state-chartered banks, credit unions, and mortgage bankers and brokers. All mortgage loan servicers doing business in New York State must be registered or licensed by DFS. The Department also oversees all of the insurance companies operating in New York, licenses all of the budget planners, finance agencies, check cashers, money transmitters, and virtual currency businesses operating in New York.”
 
The requirements of part 500 are generally nothing out of the ordinary, or rather, nothing more than what is already considered good practice in the cybersecurity world.