Take a deep breath - you’ve got this. Once your blood pressure is back to a reasonable level, start by looking at the RFI itself and ask yourself some questions.
Posts by Category:
- SOC 2
- Privileged Access Management
- Identity and Access Management
- Role-Based Access Control
- Zero Trust
- ISO 27001
- Secure Access Service Edge
A SOC 2 report focuses on the controls a company uses to protect customer data, as well as the operational effectiveness of those controls.
This post will help plan and manage time expectations and establish a timeline of deliverables - working backward from your SOC audit start date.
FISMA vs FedRAMP, NIST vs ISO, SOC 2 vs HIPAA, ISO27001 vs SOC 2. The differences between these and which compliance is right for you.
It’s important to keep your Information Security Policy high level. Here are some key points your information security policy should include.
This episode Justin McCarthy has an in-depth chat with Troy Hunt, a respected web security expert, Pluralsite author, and creator of 'Have I Been Pwned?' They talk about all things password related including password reuse, biometrics, and the way security has changed over time.
The cyber risk management policy answers this question: “What is our risk management philosophy and methodology based on our landscape?”
Justin McCarthy has an in-depth chat with Harry Sverdlove, Co-founder and CTO at Edgewise Networks. They talk about how network security is going through an evolution and is ripe for change right now, as well as a pragmatic look at the past, present and future of firewalls and their cousins.
A data classification policy provides a way to ensure sensitive information is handled according to the risk it poses to the organization.
Your SOC 2 confidentiality policy defines procedures to handle confidential information about clients, partners, and the company. Clients and partners expect you to keep their data secure and a confidentiality policy will demand this same expectation of your employees.Here are best practices to consider when writing your confidentiality policy
This episode we sit down with Will Charczuk, Engineering Group Lead at Blend. Will oversees the service management, runtime & alerting, and operations sub-teams. The crew talks in-depth about rapid deployment in a highly secure environment.
It’s safe to say that not many service providers look forward to soc 2 compliance. I'd guess not many of you have the AICPA on speed dial. Whether you're preparing for a Type 1 or Type 2, audits may be perceived as events that you prepare for and complete, but then eventually they go away - at least for a while.