The cyber risk management policy answers this question: “What is our risk management philosophy and methodology based on our landscape?”
Posts by Category:
- SOC 2
- Privileged Access Management
- Identity and Access Management
- Zero Trust
- ISO 27001
- Role-Based Access Control
- Dynamic Access Management
- Secure Access Service Edge
A data classification policy provides a way to ensure sensitive information is handled according to the risk it poses to the organization.
Your SOC 2 confidentiality policy defines procedures to handle confidential information about clients, partners, and the company. Clients and partners expect you to keep their data secure and a confidentiality policy will demand this same expectation of your employees.Here are best practices to consider when writing your confidentiality policy
It’s safe to say that not many service providers look forward to soc 2 compliance. I'd guess not many of you have the AICPA on speed dial. Whether you're preparing for a Type 1 or Type 2, audits may be perceived as events that you prepare for and complete, but then eventually they go away - at least for a while.
There are several different levels of SOC (Service Organization Control) reports and types, so it is easy to get them confused. This post will focus on outlining the path to SOC 2 Type 2.
Ways to narrow your SOC 2 audit scope to save your company time and money so you receive your SOC 2 report with fewer migraines.
Understand who is on your core SOC 2 team, what are the roles, and how to build it.
Listen to this episode here! About This Episode strongDM Co-Founder and CTO Justin McCarthy sits down with Risky Business podcast host Patrick to discuss the strongDM technology, working from home in the current conditions, and making sure that companies have access controls in place while ...
Our SOC 2 cost estimate is $147,000 all-in but let's dig into each cost center to understand where the unexpected costs are.
SOC 2 Type 1 report assesses the design of security processes at a specific point in time, while a Type 2 report assesses how effective those controls are over time by observing operations for six months.
We've open sourced all our SOC 2 policy templates so fellow startups can easily adopt for free.