The cyber risk management policy answers this question: “What is our risk management philosophy and methodology based on our landscape?”
Latest blog posts from Brian
A data classification policy provides a way to ensure sensitive information is handled according to the risk it poses to the organization.
Your SOC 2 confidentiality policy defines procedures to handle confidential information about clients, partners, and the company. Clients and partners expect you to keep their data secure and a confidentiality policy will demand this same expectation of your employees.Here are best practices to consider when writing your confidentiality policy
It’s safe to say that not many service providers look forward to soc 2 compliance. I'd guess not many of you have the AICPA on speed dial. Whether you're preparing for a Type 1 or Type 2, audits may be perceived as events that you prepare for and complete, but then eventually they go away - at least for a while.
There are several different levels of SOC (Service Organization Control) reports and types, so it is easy to get them confused. This post will focus on outlining the path to SOC 2 Type 2.
Ways to narrow your SOC 2 audit scope to save your company time and money so you receive your SOC 2 report with fewer migraines.
Understand who is on your core SOC 2 team, what are the roles, and how to build it.
