I.S. Partners, LLC

Work with IS Partners, and you’ll work with trusted experts in a client-focused, transparent environment.

Our skills are unsurpassed in internal audit, compliance, financial and IT process improvement, and operational excellence. IS Partners, LLC’s area of expertise is internal control-based audits, SOC 1, 2 and 3 attestations, HIPAA and HITECH assessments, information technology audits, banking regulatory and FDIC compliance reviews, Meaningful Use risk assessments, database security, Health Information Exchange (HIE) security assessments, DEA EPCS audits, Sarbanes-Oxley Section 404 self-assessments, Model Audit Rule (AFRMR) compliance reviews, vulnerability assessments, penetration testing, and Enterprise Risk Management (ERM). IS Partners, LLC has completed over 800 such engagements, employing a professional staff that includes Certified Public Accountants (CPA), Certified Internal Auditors (CIA), Certified Information System Auditors (CISA), Certified Information Systems Security Professionals (CISSP), Certified Fraud Examiners (CFE), and Project Management Professionals (PMP). IS Partners provides its own “Seal of Excellence” to SOC 1 and SOC 2 audit recipients with unqualified opinions.

03/14/2025

🛡️Most companies fail SOX compliance before they even start.

Why?

Because they treat it like a one-time audit instead of a continuous process.

Here’s the reality: SOX compliance isn’t just about checking a box. It’s about protecting financial integrity, reducing risk, and ensuring accountability. And if you’re not thinking long-term, you’re already falling behind.

So, how do you implement SOX compliance the right way?

⤷ Plan your annual SOX audit – Make compliance an ongoing process, not a last-minute scramble.

⤷ Conduct a risk assessment – Identify vulnerabilities before they turn into costly mistakes.

⤷ Define materiality thresholds – Focus on financial data that truly impacts decision-making.

⤷ Implement key SOX controls – Think access controls, segregation of duties, and secure data handling.

⤷ Test controls regularly – Interim and year-end testing are critical to staying compliant.

⤷ Address deficiencies ASAP – Don’t wait for an external audit to uncover weak points.

⤷ Maintain thorough documentation – If it’s not documented, it didn’t happen.

SOX compliance isn’t just about avoiding penalties—it’s about building trust with stakeholders and securing your company’s financial future.

Learn all about SOX compliance from our latest blog article: https://hubs.li/Q03bSBr00

🔽 What’s been your biggest challenge with SOX compliance? Drop a comment below!

P.S. Know someone navigating SOX compliance? Share this post—it might save them a headache.

03/05/2025

🚨 Happening TODAY at HIMSS 25!

We’re halfway through HIMSS 25—have you made the most of it yet?

If security and compliance are on your mind, don’t miss this essential session.

Join us at 3:30 PM – 3:50 PM for our speaking engagement, entitled:
"The Benefits of HITRUST vs. Other Third-Party Assurance Frameworks" and learn:

✅ How HITRUST compares to other frameworks

✅ Why HITRUST is becoming the gold standard for compliance

✅ Insights from IS Partners' experts Ian Terry, Robert Godard, and Phil LaRocca

Don't just hear about it—be part of the conversation. See you there! 👏

Drop by our booth (C1000-07) and engage with our team members today!

03/03/2025

🚨 Security failures happen when responsibilities aren’t clear.

In a shared environment—where companies rely on cloud providers like AWS and Azure—who owns what?

🔹 Who manages encryption?
🔹 Who ensures access controls?
🔹 Who’s accountable if there’s a breach?

Too often, the answer is unclear—and that’s where the HITRUST Shared Responsibility Matrix (SRM) comes in.

The SRM defines, documents, and simplifies security ownership so that:

⤷ No control is left unaccounted for

⤷ Organizations don’t duplicate efforts on security

⤷ Compliance becomes a streamlined, collaborative process

Inheriting security controls from your cloud provider isn’t just about efficiency—it’s about eliminating risk, reducing costs, and ensuring accountability.

Want to dive deeper? Read the full article here: https://hubs.li/Q038XSQ10

Or if you’re looking for expert guidance, contact IS Partners: https://hubs.li/Q038XPhB0

👇 Are you 100% sure you know who owns what in your security framework? Or does this sound all too familiar? Let’s chat in the comments.

P.S. Know someone dealing with this? Share this post!

02/25/2025

Most companies don’t fail HITRUST. They just aren’t ready for it.

HITRUST has:
💠19 domains, 135 controls, and different certification levels.
💠 A mix of HIPAA, NIST, ISO, and other regulations.
💠 A detailed audit process that catches unprepared teams off guard.

Getting HITRUST certified is tough, but a step-by-step checklist keeps you on track.

Solid preparation is the key:
1️⃣Scope it right—don’t waste time on stuff that doesn’t apply.
2️⃣Bring in an auditor early—avoid last-minute surprises.
3️⃣Run a readiness check—find gaps before HITRUST does.
4️⃣Lock in policies and controls—make compliance part of daily ops.

You don’t need to guess your way through HITRUST.
Follow the steps, avoid the chaos, and get certified with confidence.

Want to learn more? Read all about it here:
https://hubs.li/Q036DJvY0

Have you gone through HITRUST certification? What’s been your biggest headache?
Drop a comment.👇

P.S. Share this post with anyone you know who's starting the HITRUST process now; they'll thank you later!

02/24/2025

🏥 HIPAA compliance isn’t just about security—it’s about keeping your revenue flowing.

RCM touches every part of patient data:
→ Claims submissions
→ Billing platforms
→ Third-party vendors

If one step is vulnerable, your entire revenue cycle is at risk. Fines, claim denials, lost trust—it all adds up.

Here’s how to lock down HIPAA compliance in RCM:

• Run risk assessments → Spot vulnerabilities before regulators do.

• Limit data access → Only the right people should see PHI.

• Encrypt everything → In transit & at rest. No exceptions.

• Audit third-party vendors → Their mistakes become your liability.

• Train billing & coding teams → A single error can trigger a breach.

• Update policies constantly → HIPAA rules evolve. So should you.

At I.S. Partners, we help RCM teams integrate HIPAA into every step—so compliance never slows down revenue.

"Our approach to RCM industries is differentiated by our experience. IS Partners understands the intricacies of Revenue Cycle Management (RCM), which allows us to work seamlessly with our clients to help them reach their goals." - Phil LaRocca, Director of Healthcare Compliance at IS Partners

🔗 Full article here: [https://hubs.li/Q037Tnky0]

📅 Want a compliance check-up for your RCM process? Book a call with our experts: [https://hubs.li/Q037TqWh0]

What’s your biggest challenge in keeping RCM compliant? Let’s talk below! 👇

P.S. Know an RCM leader who needs this? Share it forward.

02/24/2025

📶 Most IoT devices are NOT secure. The U.S. Cyber Trust Mark is here to change that.

Cyberattacks on IoT devices have quadrupled in the last few years.

Consumers have no way of knowing which smart devices are truly secure.

Enter the U.S. Cyber Trust Mark—a cybersecurity certification that helps consumers choose safe IoT devices and pushes manufacturers to meet higher security standards.

Here’s what you need to know:

• It’s voluntary ➡ Manufacturers aren’t required to comply (yet).

• It sets a new security standard ➡ Devices must meet NISTIR 8425 guidelines.

• It provides transparency ➡ A QR code will show consumers security details.

• It covers common IoT devices ➡ Smart home products, wearables, and more.

• It aims to reduce cyber risks ➡ Encouraging stronger security measures across the industry.

The program officially launched in 2025, but manufacturers are already preparing.

🔗 Read the full article here: [https://hubs.li/Q037TlYr0]

💡 Need help navigating compliance?

The experts at I.S. Partners can help you fast-track certification, prepare for audits, and ensure compliance with ease.

👉 Book a free consultation today! [https://hubs.li/Q037Tk3N0]

👇 What do you think—will this program actually make IoT devices safer?

P.S. If this info was useful, repost to spread awareness

02/21/2025

🛡️ DORA compliance is now mandatory! Are you ready?

January 17, 2025, has come and gone, but many financial institutions and ICT providers are still not fully compliant.

💬 "DORA provides very specific provisions that haven’t necessarily been seen written into such expansive security-specific legislation before ... The regulation aims, at its core, to counteract the presence of growing and expanding cyber threats." – Joe Ciancimino, Director at IS Partners

A single cyber incident can ripple across the entire financial system. DORA was designed to stop that.

❓What does DORA aim to resolve?
Before DORA, financial firms relied on capital reserves to absorb operational risks. But money doesn’t stop cyber threats.

DORA changes the game by:

⤷ Mandating resilience testing (including penetration tests every 3 years)

⤷ Requiring continuous ICT risk management & monitoring

⤷ Enforcing strict vendor security compliance

⤷ Ensuring rapid & structured incident reporting

❓Why are firms struggling with compliance?
The deadline has passed, but many organizations are still falling short because:

⚠️ Their third-party ICT providers aren’t DORA-compliant

⚠️ They lack clear risk assessment frameworks

⚠️ They haven’t implemented mandatory penetration testing

⚠️ Their incident reporting processes don’t meet regulatory standards

If your company is behind, you don’t have time to waste.

❓How IS Partners Can Help
IS Partners offers two tailored solutions to fast-track DORA compliance:

✔ Compliance Assessment – A deep-dive review of your existing controls through an audit, including:

⤷ Documentation review & management inquiries
⤷ Walkthroughs to assess compliance gaps
⤷ A detailed report with findings & remediation steps

✔ Combined SOC 2 + DORA Package – For clients already undergoing a SOC 2 audit (or potentially other frameworks), this package:

⤷ Maps existing controls to DORA requirements
⤷ Provides dual compliance insights across multiple standards
⤷ Delivers a final report aligning SOC 2 & DORA frameworks

💡 It’s not too late to get compliant. Read our full DORA Compliance Guide + Free Checklist here: 👉 https://hubs.ly/Q037KVGv0

How is your company handling DORA compliance? Let’s talk in the comments 👇

Learn more about DORA—meet with our experts today! https://hubs.ly/Q037KWzv0

P.S. Know someone who needs this? Tag them!

02/18/2025

🚨 IS Partners is excited to be bringing BIG insights to HIMSS 2025! 🚨

Healthcare continues to be highly targeted by cybercriminals, and attackers are constantly changing their tactics.

Meet us at the epicenter of healthcare innovation, HIMSS '25, where we'll be doing our part to help healthcare professionals learn how to proactively defend and protect their data with confidence.

First of all, we'll be at Booth C1000-07 in the Cybersecurity Command Center at Caesar’s Forum March 3-6.

Stop by, say hello, and let’s chat!

But that’s not all…

We're hosting a live presentation!

📅 When: Wednesday, March 5th
⏰ Time: 3:30 PM – 3:50 PM
📍 Where: Theater B | Cybersecurity Command Center- at Caesars Forum
(across from our booth)

If you're using third-party vendors in any aspect, you won't want to miss this discussion!

Our expert presenters will answer:

🔹Are your vendors secure? How to make sure they're protecting your data

🔹 How does HITRUST stack up against other security frameworks?

🔹All your compliance, risk, and vendor management questions

We love meeting our customers! Please join us and make HIMSS 2025 the best year ever!

Get more presentation details here: https://hubs.li/Q035fQpP0

Register to attend here: https://hubs.li/Q035fRbj0

Are you coming? Let us know and we'll save you a seat!

♻️Know someone in healthcare? Tag them! They’ll appreciate it.

02/13/2025

🤔SOC vs. SOX – Why does everyone mix these up?

A question we get asked all the time: "Do we need SOC or SOX compliance?"

So we thought we'd break it down once and for all:

📌SOC → Focuses on data security and privacy controls- securing customer data
📌SOX → Focuses on companies maintaining financial integrity- for public companies

One secures data. One secures investors. Totally different.

But of course… some companies need BOTH. And the smart ones find ways to streamline their compliance.

How, you ask? It just so happens we wrote an entire article about it so you can dive in!
👉 https://hubs.li/Q036xtbX0

💬 Have you ever been confused about this yourself? Ask us your questions in the comments below.

If you found this helpful, please repost and share it with your network! ♻️

02/11/2025

🤖 Using AI? Big changes are coming—here’s what you need to know!

AI regulations are evolving fast, and two major rules are taking center stage. They both aim to keep AI in check, but with very different approaches.

No worries, we’ve got the breakdown for you!

➡️ California’s SB 1047 (proposed) – Stricter rules for big AI models
🔹 Focuses on ethical AI development across industries
🔹 Requires kill switches, audits, and transparency
🔹 Aims to prevent unintended harm from AI

➡️ EU AI Act – Risk-based approach to AI regulation
🔹 High-risk AI gets tougher rules
🔹 Low-risk AI gets more flexibility
🔹 Ensures AI follows strict safety standards in the EU

Both push for safer AI, but one cracks down on big tech, while the other adjusts based on risk.

What does this mean for you?
If your business uses AI, these rules could impact how it’s built, regulated, and used—and you’ll want to stay ahead of them.

Get all the details you need here: https://hubs.ly/Q035HRqG0

❓Question: What are your thoughts on AI? We'd love to hear your take!

➡️Please tag your AI-using friends to keep them in the loop!

02/06/2025

⛔Most businesses FAIL PCI compliance before they even start.

Why?
Because they don’t know their PCI compliance level—which can be a costly mistake.

A compliance level is based on the volume of credit card transactions a business processes in a 12-month period.

To find out your compliance level, you have to:

🔹Find out your annual transaction volume- across all payment channels
🔹Compare that to PCI-level requirements to understand your compliance level

But get it wrong, and you could be overpaying (or exposing security gaps). And it's not always set in stone: there can be variables.

Here are the level breakdowns:

Level 1️⃣: 6M+ transactions (biggest businesses, strictest audits- On Site REQUIRED)
Level 2️⃣: 1M - 6M transactions (medium businesses- self-checks and scans)
Level 3️⃣: 20K - 1M transactions (smaller businesses, quarterly scans)
Level 4️⃣:

02/04/2025

📢 IS Partners is proud to sponsor the 7th Edition of the official Philadelphia Cybersecurity Summit event on Wed, February 19, 2025! 📢

The 7th Edition of the Philadelphia Cybersecurity Summit is an event that brings together the brightest minds in cyber defense.

IS Partners stays at the forefront of all things compliance and security, because in today’s landscape, protecting critical infrastructure is not optional—it’s mission-critical.

That's why we're looking forward to:

⤷ Hearing from top cybersecurity experts
⤷ Exploring game-changing security solutions
⤷ Connecting with like-minded professionals protecting their organizations

The best defense? Staying Ahead!

🚀 Will we see you there?

Read more about the event here: https://hubs.li/Q034DnW20

Drop a 🔒 in the comments if cybersecurity is a top priority for you!

P.S. Know someone who should be there? Tag them below or share this post!

Address

1668 Susquehanna Road
Philadelphia, PA
19025

Opening Hours

Monday 8am - 5pm
Tuesday 8am - 5pm
Wednesday 8am - 5pm
Thursday 8am - 5pm
Friday 8am - 5pm

Telephone

+12156751400
