blog /
ISO 27001 vs. SOC 2: Understanding the Difference

ISO 27001 vs. SOC 2: Understanding the Difference

SOC 2 and ISO 27001 both provide companies with strategic frameworks and standards to measure their security controls and systems against. But what’s the difference between SOC 2 vs. ISO 27001? In this article, we’ll provide an ISO 27001 and SOC 2 comparison, including what they are, what they have in common, which one is right for you, and how you can use these certifications to improve your overall cybersecurity posture.
Answering Auditors’ Questions in a SOC 2 Review

Answering Auditors’ Questions in a SOC 2 Review

We recently completed our own SOC 2 audit, so we thought we’d review how we dogfooded our own product. We’ll share tips and tricks to make the audit process a little easier, whether you’re wrapping up your own or about to dive into the coming year’s audit. Here are the questions auditors asked us during our own SOC 2 audit and the commands and strongDM tooling we used to gather the evidence they requested.
What Would My SOC 2 Dashboard Look Like?

What Would My SOC 2 Dashboard Look Like?

As your organization pursues your SOC 2 certification, organization is critical. ‍You will be busy actively managing dozens of ongoing daily tasks, which can bury you in minutiae. But at the same time, you need to keep your high-level compliance goals in focus in order to successfully move your certification over the finish line.
Everything You Need to Know About SOC 2 Audits

Everything You Need to Know About SOC 2 Audits

Whether you’re looking to achieve SOC 2 compliance, or just want to learn more about it, your Googling is bound to lead you to a wealth of articles chock full of buzzwords and acronym soup. ‍In this post, we will provide a guide with definitions, links and resources to gain a solid understanding of everything you need to know about SOC 2 audits.
A Definitive Guide to SOC 2 Policies

A Definitive Guide to SOC 2 Policies

In this post, we will help you get started with a hierarchy to follow, as well as a summary of each individual SOC 2 policy.
Software Development Life Cycle (SDLC) Policy

Software Development Life Cycle (SDLC) Policy

A software development lifecycle (SDLC) policy helps your company not suffer a similar fate by ensuring software goes through a testing process, is built as securely as possible, and that all development work is compliant as it relates to any regulatory guidelines and business needs.‍Here are some primary topics your software development lifecycle policy and software development methodology should cover
BYOD Policy | Best Practices to Help Keep Your Network Secure

BYOD Policy | Best Practices to Help Keep Your Network Secure

Bring your own device, can be tricky to regulate. At a minimum, your BYOD policy should define certain requirements to help secure your network.
SOC 2 Terminology Glossary

SOC 2 Terminology Glossary

SOC 2 compliance, like so many things related to IT and security, is chock full of terms and acronyms to learn. If you are just getting started with SOC 2, it’s helpful to get familiar with this alphabet soup ahead of time so you can move your compliance efforts forward with confidence. Below is a SOC 2 terminology glossary to get you started:
9 Tips for an Effective Security Incident Response Policy (SIRP)

9 Tips for an Effective Security Incident Response Policy (SIRP)

Important core concepts within the SIRP so that you understand the purpose of this policy before writing your own.
How To Prepare For Your First SOC 2 Audit A 30-90-120 Day Plan

How To Prepare For Your First SOC 2 Audit A 30-90-120 Day Plan

Despite thousands of articles, there’s shockingly little actionable advice to help startups complete SOC 2. One area that usually requires some remediation is access controls. Most teams don’t have answers when auditors ask “who has access to a specific database or server and what queries did they execute?” That’s why we started strongDM- to manage and monitor access to every database, server, & environment.
What is Data Center Security & 4 Ways to Improve

What is Data Center Security & 4 Ways to Improve

Data center security refers to the protection of data centers against threats such as cyber-attacks, natural disasters, and human error. The number of data centers has increased significantly over the last decade, and so has the amount of security-related disasters. In 2022, the global data center ...
How to Write Your Software Development Lifecycle Policy

How to Write Your Software Development Lifecycle Policy

A staggering amount of cybersecurity breaches are caused by software vulnerabilities. From the early worms of the 1980s through the early 2000s - like Blaster, Code Red, and Melissa - to the notable Petya and WannaCry of the past few years, these vulnerabilities are all rooted in software flaws that allowed systems to be exploited. A software development lifecycle (SDLC) policy helps your company not suffer a similar fate by ensuring software goes through a testing process, is built as securely
4 Key Considerations for Your Change Management Policy

4 Key Considerations for Your Change Management Policy

Documenting and communicating policy and system changes in your organization can be an arduous task. But the effort becomes more manageable when you have a plan in place before an emergency.
Audit Log Review and Management Best Practices

Audit Log Review and Management Best Practices

The what, where, why and how of audit logging and review for IT security investigations and compliance requirements.
StrongDM app UI showing available infrastructure resources
Connect your first server or database in 5 minutes. No kidding.