
WORLD CLASS ISMS SECURITY DOCUMENTS

Get Access to dozens of ISMS templates to accelerate your ISO/IEC 27001 journey.

ISO/IEC 27002:2022 | 5.2 - Information Security Roles and Responsibilities Template

Per ISO/IEC 27002:2022 | 5.2 - Information Security Roles and Responsibilities, “Allocation of information security roles and responsibilities should be done in accordance with the information security policy and topic-specific policies. The organization should define and manage responsibilities for:

Understanding the Different Types of Audits for ISO/IEC 27001 Certification

ISO 27001 certification typically involves several types of audits conducted at different stages of the certification process. These audits are designed to assess an organization's compliance with the ISO 27001 standard's requirements for information security management systems (ISMS). Here are the main types of audits for ISO 27001 certification:

How MorganHill Helped a Dallas, TX SaaS Startup Achieve ISO 27001 Certification

In the fast-paced world of SaaS startups, where data is the lifeblood of the business, security is not just a necessity—it's a competitive advantage. When a promising SaaS startup in Dallas, Texas, recognized the critical importance of safeguarding its data assets, it turned to MorganHill, a leading consulting firm with expertise in cybersecurity and ISO 27001 certification.

MorganHill's Role in ISO 27001 and 27701 Certification After a Data Breach for a Southern California Healthcare Technology Company

In the bustling landscape of healthcare technology in Southern California, data security and privacy are without question highly important. It's a space where innovation and patient well-being converge, and where companies are dedicated to pushing the boundaries of what's possible. 

ISO/IEC 27002:2022 | 5.24 Information Security Incident Management Planning and Preparation

Per ISO/IEC 27002:2022 | 5.24 Information Security Incident Management Planning and Preparation, “The organization should plan and prepare for managing information security incidents by defining, establishing and communicating information security incident management processes, roles and responsibilities.”

California Privacy Rights Act (CPRA) Consulting and Advisory Services

CPRA stands for the California Privacy Rights Act, which builds upon the existing California Consumer Privacy Act (CCPA) and expands the privacy rights and protections for California residents. MorganHill's CPRA advisory services include:

GDPR Consulting & Advisory Services for U.S. Businesses

MorganHill is a leading provider of GDPR consulting & advisory services to U.S. businesses. With today’s growing data privacy regulations now in full force - and the GDPR leading the way - U.S. businesses need to be prepared. MorganHill offers the following GDPR services:

ISO/IEC 27001:2022 Internal Audit Requirements | 9.2

Per ISO/IEC 27001:2022, organizations are to “...conduct internal audits at planned intervals to provide information on whether the information security management system:
a) conforms to
1) the organization’s own requirements for its information security management system;
2) the requirements of this document;
b) is effectively implemented and maintained.”

Introduction to ISO/IEC 27001:2022 Surveillance Audits

An ISO 27001 surveillance audit is a periodic assessment conducted by a certification body to verify the ongoing compliance of an organization with the ISO 27001 standard. The surveillance audit is a follow-up to the initial certification audit and is designed to ensure that the organization continues to meet the requirements of ISO 27001.


Health Technology Case Study

Four months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an ANAB-accredited ISO certification body that we recommended to them.

Cybersecurity Case Study

Obtained ISO 27001 certification from an ANAB-accredited ISO certification body that I recommended to them.

Manufacturing Case Study

Four months after completing all necessary pre-certification work, the organization obtained ISO 27001 certification from an ANAB-accredited ISO certification body that we recommended to them.

Healthcare Case Study

Three months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an ANAB-accredited ISO certification body that we recommended to them.

Why Morgan Hill?

Since 2006, a Global Leader in ISO/IEC Advisory Solutions.
A True Footprint all around the World.

Respected. Recognized. Resourceful.