
Brian Johnson
Contributor

Business Continuity Policy Best Practices | A Practical Guide to SOC 2 Compliance

December 10, 2018

A business continuity policy is a critical part of your SOC 2 preparation. An estimated 25% of businesses never fully recover from a major disaster. For small businesses, in particular, it can be difficult to return to normalcy after a significant disruption. Most companies have insurance and emergency funds, but those won’t protect you from failure to provide business functions

Brian Johnson
Contributor

How SOC 2 Saves Time On Security RFI | A Practical Guide To Answer Any RFI

December 6, 2018

You’ve gone through the rigorous process of completing your SOC 2 audit. Your policies are thorough, you have airtight procedures, your staff is sufficiently trained, and if anybody so much as sneezes around your datacenter you’ll know about it before someone says, “Gesundheit!” It’s time to kick back in your chair, throw your feet up on the desk and relax,

Brian Johnson
Contributor

What’s Included in a SOC 2 Report: A Breakdown

December 3, 2018

A SOC 2 report (Service Organization Control report 2) focuses on the controls a company uses to protect customer data, as well as the operating effectiveness of those controls. A SOC 2 report should not be confused with a SOC 1 report, which focuses on controls relevant to a customer’s financial reporting, nor should it be confused with a SOC 3 report, which

Brian Johnson
Contributor

Which Compliance is Right for Me?

November 27, 2018

HIPAA. NIST. ISO. FedRAMP. FISMA. SOC 2. These are just a few of the acronyms for compliance frameworks that your customers may be asking you about. The big question your organization needs to answer is, “Which compliance is right for me?” This blog post will focus on helping you understand some of the popular compliance frameworks, and specifically how they

Brian Johnson
Contributor

Cyber Risk Management Best Practices | A Practical Guide to SOC 2 Compliance

November 21, 2018

The cyber risk management policy answers this question: “What is our risk management philosophy and methodology, given our threat landscape?” In this policy, you identify the security incidents that could occur, using incidents that have already happened (to you or to organizations like you) as a guide. Then you identify how to prevent and remediate those incidents and what the timeline to do so would look like.

Brian Johnson
Contributor

Data Classification Policy Best Practices | A Practical Guide to SOC 2 Compliance

November 14, 2018

When thinking about how to properly secure your company’s systems and information, it’s easy to approach it from a strictly technical point of view. You might be worried about things like making sure systems are protected with antivirus, that you have an effective firewall protecting your network perimeter, and that your data is backed up. In the context of SOC

Brian Johnson
Contributor

SOC 2 Confidentiality Policy Best Practices | SOC 2 School

November 14, 2018

Your SOC 2 confidentiality policy defines the procedures for handling confidential information about clients, partners, and the company. Clients and partners expect you to keep their data secure, and a confidentiality policy places that same expectation on your employees. Here are best practices to consider when writing your confidentiality policy. Answer this question: “What is confidential in your business?” Confidential
