It's easy to focus on cybersecurity threats like social engineering and phishing. However, internal threats, such as human error and disgruntled employees, can be just as dangerous - and are often overlooked. A mature onboarding and termination policy that leverages least privilege access is essential to preventing a data breach.
A Business Continuity Policy is critical to your information security program & defines the critical steps your employees need to take after a disaster.
This post will help plan and manage time expectations and establish a timeline of deliverables - working backward from your SOC audit start date.
FISMA vs FedRAMP, NIST vs ISO, SOC 2 vs HIPAA, ISO27001 vs SOC 2. The differences between these and which compliance is right for you.
A data classification policy provides a way to ensure sensitive information is handled according to the risk it poses to the organization.
Your SOC 2 confidentiality policy defines procedures to handle confidential information about clients, partners, and the company. Clients and partners expect you to keep their data secure and a confidentiality policy will demand this same expectation of your employees. Here are best practices to consider when writing your confidentiality policy.
This episode we sit down with Will Charczuk, Engineering Group Lead at Blend. Will oversees the service management, runtime & alerting, and operations sub-teams. The crew talks in-depth about rapid deployment in a highly secure environment.
It’s safe to say that not many service providers look forward to SOC 2 compliance. I'd guess not many of you have the AICPA on speed dial. Whether you're preparing for a Type 1 or Type 2, audits may be perceived as events that you prepare for and complete, but then eventually they go away - at least for a while.
There are several different levels of SOC (Service Organization Control) reports and types, so it is easy to get them confused. This post will focus on outlining the path to SOC 2 Type 2.
Ways to narrow your SOC 2 audit scope to save your company time and money so you receive your SOC 2 report with fewer migraines.
Our SOC 2 cost estimate is $147,000 all-in but let's dig into each cost center to understand where the unexpected costs are.
SOC 2 Type 1 report assesses the design of security processes at a specific point in time, while a Type 2 report assesses how effective those controls are over time by observing operations for six months.
We've open sourced all our SOC 2 policy templates so fellow startups can easily adopt them for free.