Remote Access Policy Best Practices | A Practical Guide to SOC 2 Compliance

Our world has changed.  Gone are the days of an 8 to 5 work day at a physical office, and leaving all your responsibilities behind at the end of the day.  We now live in a 24×7 global economy and are perpetually connected to our corporate networks with cell phones, laptops, and tablets.  The convenience of “work from anywhere” introduces some exciting challenges for your information security and information technology

Read more

Workstation Security Policy Best Practices | A Practical Guide to SOC 2 Compliance

Some might say that workstations are a necessary evil.  Users with varying degrees of technical and security aptitude are using them 24/7, communicating with the world and taking care of business.  With workstations being an indispensable part of business comes a substantial security burden, especially for your information technology staff.  In the workstation security policy, you will define rules intended to reduce the risk of data loss/exposure through workstations. Often, information security

Read more

Encryption Policy Best Practices | A Practical Guide to SOC 2 Compliance

You wouldn’t leave the house without making sure your doors and windows were locked, and that any valuables were hidden or secured in a safe. That way, if you were robbed, the burglar would have a difficult time accessing your most precious assets. In the same way, you need to make sure your organization’s critical data is well protected. While layers of defense such as firewalls and IDS/IPS are essential,

Read more

Access Onboarding and Termination Policy | A Practical Guide to SOC 2 Compliance

It’s easy to focus on cybersecurity threats like social engineering and phishing. However, internal threats, such as human error and disgruntled employees, can be just as dangerous – and are often overlooked. A mature onboarding and termination policy is essential to preventing a data breach. Employees and other internal users were the cause of 60% of data breaches – both intentional and accidental – in 2016. In the world of

Read more

Business Continuity Policy Best Practices | A Practical Guide to SOC 2 Compliance

A business continuity policy is a critical part of your SOC 2 preparation. An estimated 25% of businesses never fully recover from a major disaster. For small businesses, in particular, it can be difficult to return to normalcy after a significant disruption. Most companies have insurance and emergency funds, but those won’t protect you from failure to provide business functions at an acceptable level to your customers. A business continuity

Read more

How SOC 2 Saves Time On Security RFI | A Practical Guide To Answer Any RFI

You’ve gone through the rigorous process of completing your SOC 2 certification.  Your policies are thorough, you have airtight procedures, your staff is sufficiently trained, and if anybody so much as sneezes around your datacenter you’ll know about it before someone says, “Gesundheit!”  It’s time to kick back in your chair, throw your feet up on the desk and relax, right? But what if a customer sent over an RFI

Read more

Data Center Security Policy Best Practices | A Practical Guide for SOC 2 Compliance

There are many things to consider and questions to ask yourself when setting up your data center. Should you host your data on-premise or in the cloud? If the data is cloud-hosted, who is responsible for security? Is it the company who owns the data, the cloud provider, or both? for answers to all your SOC2 questions. The data center security policy outlines procedures and information security measures to prevent

Read more

What’s Included in a SOC 2 Report: A Breakdown

A SOC 2 report (Service Organization Control report 2) focuses on the controls a company uses to protect customer data, as well as the operational effectiveness of those controls. A SOC 2 report should not be confused with a SOC 1 report, which focuses on a company’s financial reporting, nor should it be confused with a SOC 3 report, which has similar output to a SOC 2 report but in

Read more

How Long Does It Take To Complete a SOC Audit | A Timeline To Plan for SOC 2

Book describing how long does it take to get soc 2

You scheduled your on-site SOC 2 testing. While the initial step is complete, there is still a lot of process and time before you’re past the finish line. This post will help plan and manage time expectations and establish a timeline of deliverables - working backward from your SOC audit start date.  The Purpose of SOC 2 Audits SOC is a system of service organization controls. SOC stands for “system

Read more

Which Compliance is Right for Me?

HIPAA. NIST. ISO. FedRAMP. FISMA. SOC 2. These are just a few of the acronyms for compliance frameworks that your customers may be asking you about. The big question your organization needs to answer is, “Which compliance is right for me?” This blog post will focus on helping you understand some of the popular compliance frameworks, and specifically how they relate to SOC 2. HIPAA vs SOC 2 HIPAA (Health

Read more