Yep. My first bonus. I've been independent since 1984, most of the time.
I didn't give bonuses.
I partnered with a cyber security organization to provide repositories for my clients and help them get CMMC.
The cyber security organization (cso - from now on) had a digital error and deposited $26,000 over the period of one year in my business account by ACH.
I called them and said are you sure this is correct for you to be paying me this much.
They said yes.
How did I find out all of this?
I got a call from the Controller of CSO.
He says you have to pay it back.
Oh, my. I've spent it. Don't have it laying around. It's been used.
So now here is the question? Is this a breach of compliance for a CMMC Certified organization?
It is.
Private information of a customer was misused.
What would have prevented this?
I know. I help companies coordinate their ISO 9001 and CMMC activities to determine what occurs with data.
It is a short trip to noncompliance.
Now, what must this company do?
Notify ....
Document ...
Prevent further breaches through a corrective action.
Audit to verify expectations are followed in the future.
Call me if you want to protect you and be certified to ISO 9001 without going bankrupt.