The Definitive Guide to SOC 2 Policy Frameworks

If this is your first time pursuing SOC 2 certification, you will quickly find that documentation is the cornerstone of a successful audit.  Writing clear, concise policies is especially critical, and if you don’t currently have a policy structure in place, it can be difficult to figure out which policies you need.  In this post, we will help you get started with a hierarchy to follow, as well as a

Which Compliance is Right for Me?

HIPAA. NIST. ISO. FedRAMP. FISMA. SOC 2. These are just a few of the acronyms for compliance frameworks that your customers may be asking you about. The big question your organization needs to answer is, “Which compliance is right for me?” This blog post will focus on helping you understand some of the popular compliance frameworks, and specifically how they relate to SOC 2.

HIPAA vs SOC 2

HIPAA (Health

Information Security Policy Best Practices | A Practical Guide for SOC 2 Compliance

As you pursue SOC 2 certification, it’s easy to suffer from documentation fatigue. It may feel like every little thing you do with your systems and data has to have a policy written about it (and there’s probably some truth to that). These policies all tie back to the information security policy, which in many ways is the cornerstone of your security program. It answers many of the big questions
