Which Compliance is Right for Me?

HIPAA. NIST. ISO. FedRAMP. FISMA. SOC 2. These are just a few of the acronyms for compliance frameworks that your customers may be asking you about. The big question your organization needs to answer is, “Which compliance is right for me?” This blog post will focus on helping you understand some of the popular compliance frameworks, and specifically how they relate to SOC 2. HIPAA vs SOC 2HIPAA (Health Insurance Portability and Accountability Act) is a United States law developed by the Department of Health and Human Services. The main objective of HIPAA is to protect patients’ medical and health information - such as health plan details and doctor visits. However, the protections HIPAA aims to provide will not attest to your organization’s maturity in terms of privacy and security. This is where SOC (Service Organization Control) comes in. SOC was created by the AICPA (American Institute of Certified Public

Read more

Token Security Podcast | Will Charczuk of Blend pt. 2

ShareAbout Token SecurityWelcome! This is the inaugural episode of Token Security, our goal is to teach the core curriculum for modern devsecops. Each week we will go deep with an expert on a specific topic so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.About This EpisodeThis episode we sit down with Will Charczuk, Engineering Group Lead at Blend. Will oversees the service management, runtime & alerting, and operations sub-teams. The crew talks in-depth about rapid deployment in a highly secure environment.About The HostsMax SaltonstallMax Saltonstall loves to talk about security, collaboration and process improvement. He's on the Developer Advocacy team in Google Cloud, yelling at the internet full time. Since joining Google in 2011 Max has worked on video monetization products, internal change management, IT externalization and coding puzzles. He has a degree in Computer Science and Psychology from Yale.Justin McCarthyJustin McCarthy

Read more

SOC 2 Type 1 Guide | Everything You Need To Know

Cover illustration for Guide explaining SOC 2 Type 1

If you are new to compliance, it’s easy to confuse SOC 2 Type 1 and SOC 2 Type 2.  SOC 2 Type 1 is different from Type 2 in that a Type 1 report assesses the design of security processes at a specific point in time, while a Type 2 report (also commonly written as “Type ii”) assesses how effective those controls are over time by observing operations for six months.  If that weren’t confusing enough, SOC 2 is different than SOC 1, which focuses on an organization’s financial statements and financial reporting. It’s also different than SOC 3, which reports on the same information as SOC 2, but in a format intended for a more general audience. This blog post will focus specifically on SOC 2 Type 1. You will also need to determine which report types best fit the needs of your company and customers.  For some background,

Read more