How to Answer Auditor's Questions
StrongDM can help your organization prepare for compliance audits with a variety of learning tools and examples. The process breaks down into three parts: learning the objectives of the audit, preparing for it, and gathering the technical evidence the auditor requires from StrongDM.
- Learning the audit objectives for SOC 2, ISO 27001, and other frameworks, which requires an understanding of their key controls. StrongDM supplies a library of detailed guides and blog posts on standards such as HIPAA, SOX, PCI DSS, and others.
- Planning and preparing your compliance checks. StrongDM maintains an open-source tool called Comply that helps automate and template the SOC 2 documentation process.
- Gathering evidence. Once StrongDM is deployed in your organization, there are many examples of how to retrieve the information an auditor might request: through the CLI or SDK, or, in more advanced setups, from your SIEM.
This guide collects material from across the StrongDM ecosystem and presents it in one place. Depending on your learning style, there are blog posts, e-books, videos, and other resources to help you learn about, plan for, and execute an audit with StrongDM.
Learning About Auditing Objectives
- Understanding SOC2
- StrongDM Articles:
- The Differences Between SOC 1 vs. SOC 2
- What is a SOC 2 Report: A Breakdown
- Answering Auditors' questions in a SOC2 Review
- Everything You Need to Know About SOC 2 Audits
- How To Prepare For Your First SOC 2 Audit: A 30-90-120 Day Plan
- How Long Does It Take To Complete a SOC 2 Audit: A timeline
- SOC 2 Terminology Glossary
- A Definitive Guide to SOC 2 Policies
- What Would My SOC 2 Dashboard Look Like?
- ISO 27001 vs. SOC 2: Understanding the Difference
- StrongDM Coursework:
- StrongDM Videos:
- StrongDM Articles:
- Understanding PCI, HIPAA, SOX, NIST, and others
- StrongDM Articles:
- FISMA vs FedRAMP, NIST vs ISO, SOC 2 vs HIPAA, ISO27001 vs SOC 2: Which Compliance is Right for Me?
- 12 PCI DSS Compliance Requirements Explained (Checklist)
- HITRUST vs. HIPAA: Understanding the Difference
- What Are the Three Rules of HIPAA? Explained
- The HIPAA Minimum Necessary Standard Explained
- What Is a HIPAA Violation? 12 Most Common Examples
- What Are the Penalties for Violating HIPAA? (Civil & Criminal)
- PCI Compliance: 2022 Complete Guide
- HIPAA Compliance: 2022 Complete Guide
- SOX Compliance: 2022 Complete Guide
- NIST Compliance: 2022 Complete Guide
- StrongDM eBooks:
- StrongDM Articles:
- Understanding ISO 27001
- StrongDM Articles:
- ISO 27001 vs. SOC 2: Understanding the Difference
- NIST vs. ISO: Understanding the Difference
- ISO 27001 Audit: Everything You Need to Know
- ISO 27001 Certification Process: A Definitive Guide
- ISO 27001 vs. 27002 vs. 27003: What’s the Difference?
- ISO 27001 Checklist: Easy-to-Follow Implementation Guide
- How Much Does ISO 27001 Certification Cost in 2022?
- StrongDM Coursework / Books:
- StrongDM Articles:
Planning and Preparing with StrongDM
- Comply Project: Comply is free, open-source software for preparing for a SOC 2 audit. It is a GitHub repository of pre-authored policies and resource-management tooling, a Slack channel, and educational material, all at no cost.
Comply is a SOC 2-focused compliance automation tool:
- Policy Generator: markdown-powered document pipeline for publishing auditor-friendly policy documents
- Ticketing Integration: automate compliance throughout the year via your existing ticketing system
- SOC2 Templates: open source policy and procedure templates suitable for satisfying a SOC2 audit
- StrongDM Articles:
- StrongDM GitHub Repository:
- StrongDM Videos:
- What is Observability?
- Customer experiences using StrongDM for compliance audits and controls:
Using StrongDM to gather evidence and audit information: a technical overview
- Queries and captures: query logs and session captures covering activity, databases, Kubernetes, cloud CLIs, SSH, RDP, and other resource types.
- StrongDM Videos:
- StrongDM Technical Documentation:
- StrongDM Admin guide: Logging overview
- StrongDM Admin guide: Using StrongDM Logs
- StrongDM Admin guide: Auditing Queries
- StrongDM Admin guide: Auditing SSH
- StrongDM Admin guide: Auditing Activities
- StrongDM Admin guide: Monitoring and Observability
- StrongDM Admin guide: "sdm audit" CLI command reference
- StrongDM Articles:
- StrongDM eBooks:
- (Advanced) Using StrongDM’s SDKs to automate data collections:
- Example scripts for audit collection of users and roles:
- StrongDM SDKs on GitHub
- Exporting logs to third-party systems such as your SIEM with StrongDM's Log Export Container (known as the LEC).
The LEC is a Docker container that can be deployed and configured to export StrongDM query logs to an external destination.
- StrongDM LEC GitHub repository:
- StrongDM documentation:
- StrongDM videos:
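The question auditors ask most often about data access is "who ran what against resource X during the audit period?". The script below is an added example, not StrongDM's own code and not part of the LEC or the admin guides linked above: it reads an exported log stream of the kind the LEC or a SIEM would hold, keeps only query records inside the audit window, and summarises them per user and datasource, counting statements that look like writes separately. The export is assumed to be one JSON object per line, and the field names used (type, timestamp, userEmail, datasourceName, query) are assumptions about the export, not a statement of StrongDM's log schema; map them to what your export actually contains. The sample lines are constructed, and one of them is deliberately malformed so the script shows how a gap in the evidence is counted rather than silently dropped.

```python
"""Added example (not StrongDM's own code): answer "who ran what against
resource X during the audit period?" from an exported query-log stream.

Assumptions, labelled here and below: the export is JSON lines, and the
field names type, timestamp, userEmail, datasourceName and query are
assumptions about the export, not StrongDM's documented schema. The sample
data is constructed.
"""
import json
from datetime import datetime, timezone

# Constructed sample export: five records plus one line that is not JSON.
SAMPLE_EXPORT = """\
{"type":"query","timestamp":"2022-07-03T14:02:11Z","userEmail":"alice@example.com","datasourceName":"prod-postgres","query":"SELECT count(*) FROM orders"}
{"type":"query","timestamp":"2022-07-04T09:15:40Z","userEmail":"bob@example.com","datasourceName":"prod-postgres","query":"UPDATE users SET role='admin' WHERE id=7"}
{"type":"activity","timestamp":"2022-07-04T09:16:00Z","userEmail":"bob@example.com","activity":"user logged in"}
{"type":"query","timestamp":"2022-10-01T00:00:00Z","userEmail":"alice@example.com","datasourceName":"prod-postgres","query":"SELECT 1"}
not json: a truncated or interleaved line must be counted, not abort the run
{"type":"query","timestamp":"2022-07-10T11:00:00Z","userEmail":"carol@example.com","datasourceName":"staging-mysql","query":"  select * from customers"}
"""

# Audit period: calendar Q3 2022, start inclusive, end exclusive.
Q3_START = datetime(2022, 7, 1, tzinfo=timezone.utc)
Q3_END = datetime(2022, 10, 1, tzinfo=timezone.utc)

# Statement keywords treated as writes when they open the query text.
WRITE_PREFIXES = ("insert", "update", "delete", "drop", "alter", "grant", "truncate", "create")


def parse_export(text):
    """Parse JSON-lines text. Returns (records, skipped_line_count)."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1  # report the gap to the auditor rather than hide it
    return records, skipped


def parse_ts(value):
    """Parse an RFC 3339 timestamp; a trailing Z is normalised to +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def queries_in_window(records, start, end, datasource=None):
    """Query records with start <= timestamp < end, optionally for one datasource."""
    out = []
    for rec in records:
        if rec.get("type") != "query" or "timestamp" not in rec:
            continue
        ts = parse_ts(rec["timestamp"])
        if not (start <= ts < end):
            continue
        if datasource is not None and rec.get("datasourceName") != datasource:
            continue
        out.append(rec)
    return out


def summarize(queries):
    """Per (user, datasource): total query count and how many look like writes."""
    summary = {}
    for q in queries:
        key = (q.get("userEmail", "unknown"), q.get("datasourceName", "unknown"))
        entry = summary.setdefault(key, {"queries": 0, "writes": 0})
        entry["queries"] += 1
        if q.get("query", "").lstrip().lower().startswith(WRITE_PREFIXES):
            entry["writes"] += 1
    return summary


if __name__ == "__main__":
    records, skipped = parse_export(SAMPLE_EXPORT)
    q3 = queries_in_window(records, Q3_START, Q3_END)
    for (user, ds), counts in sorted(summarize(q3).items()):
        print(f"{user:20} {ds:16} queries={counts['queries']} writes={counts['writes']}")
    print(f"unparseable lines skipped: {skipped}")
```

The window end is exclusive so that adjacent audit periods never double-count a record that lands exactly on the boundary, and the skipped-line count is part of the output because an auditor needs to know that the evidence has a gap, not just what the surviving records say.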
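For the "(Advanced) Using StrongDM's SDKs" item above, the following is an added example of an audit collection script for users and roles; it is not StrongDM's own example script and not part of the SDK. It joins accounts, roles and role attachments into one access-inventory table and flags the three things an access review usually turns up: suspended accounts that still hold roles, active accounts with no roles at all, and attachments that reference an account or role that no longer exists. The SDK usage is isolated in one function and rests on assumptions: that the Python SDK is installed as the strongdm package and exposes strongdm.Client(access_key, secret_key) with accounts.list(), roles.list() and account_attachments.list(), that the attributes read from those objects (id, email, name, suspended, account_id, role_id) exist under those names, and that credentials are in SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY. The inventory logic itself works on plain dicts and runs offline on the constructed sample data at the bottom.

```python
"""Added example (not StrongDM's own code): build an access inventory plus
findings from users, roles and role attachments.

Assumptions, labelled here and in the comments: the StrongDM Python SDK is
the `strongdm` package exposing strongdm.Client(access_key, secret_key) with
.accounts.list(filter), .roles.list(filter) and .account_attachments.list(filter);
the attribute names read from those objects are assumptions too.
"""
import csv
import io
import os
from collections import defaultdict


def build_access_inventory(accounts, roles, attachments):
    """Return (rows, findings).

    accounts:    dicts with keys id, email, suspended
    roles:       dicts with keys id, name
    attachments: dicts with keys account_id, role_id

    rows holds one dict per account, sorted by email so exports taken on
    different days can be diffed. findings flags suspended accounts that still
    hold roles, active accounts with no roles, and attachments that point at an
    unknown account or role (reported, never silently dropped).
    """
    roles_by_id = {r["id"]: r["name"] for r in roles}
    accounts_by_id = {a["id"]: a for a in accounts}
    role_names = defaultdict(set)
    findings = []

    for att in attachments:
        if att["account_id"] not in accounts_by_id or att["role_id"] not in roles_by_id:
            findings.append(f"dangling attachment: account={att['account_id']} role={att['role_id']}")
            continue
        role_names[att["account_id"]].add(roles_by_id[att["role_id"]])

    rows = []
    for acct in sorted(accounts, key=lambda a: a["email"]):
        names = sorted(role_names.get(acct["id"], ()))
        suspended = bool(acct.get("suspended"))
        if suspended and names:
            findings.append(f"suspended account {acct['email']} still attached to: {', '.join(names)}")
        elif not suspended and not names:
            findings.append(f"active account {acct['email']} has no roles")
        rows.append({"email": acct["email"], "suspended": "yes" if suspended else "no", "roles": ";".join(names)})
    return rows, findings


def inventory_to_csv(rows):
    """Serialise rows as CSV text, the form most auditors accept as evidence."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["email", "suspended", "roles"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def fetch_from_strongdm():
    """Pull live data through the SDK (assumed API shape; see module docstring).

    Service accounts have no email, so their name (or id) fills that column.
    """
    import strongdm  # assumption: package name and Client signature

    client = strongdm.Client(os.environ["SDM_API_ACCESS_KEY"], os.environ["SDM_API_SECRET_KEY"])
    accounts = [
        {"id": a.id, "email": getattr(a, "email", None) or getattr(a, "name", a.id),
         "suspended": getattr(a, "suspended", False)}
        for a in client.accounts.list("")
    ]
    roles = [{"id": r.id, "name": r.name} for r in client.roles.list("")]
    attachments = [{"account_id": x.account_id, "role_id": x.role_id}
                   for x in client.account_attachments.list("")]
    return accounts, roles, attachments


# Constructed sample data (not from any real StrongDM organization).
SAMPLE_ACCOUNTS = [
    {"id": "a-1", "email": "alice@example.com", "suspended": False},
    {"id": "a-2", "email": "bob@example.com", "suspended": True},
    {"id": "a-3", "email": "carol@example.com", "suspended": False},
]
SAMPLE_ROLES = [{"id": "r-1", "name": "db-readonly"}, {"id": "r-2", "name": "prod-admin"}]
SAMPLE_ATTACHMENTS = [
    {"account_id": "a-1", "role_id": "r-1"},
    {"account_id": "a-1", "role_id": "r-2"},
    {"account_id": "a-2", "role_id": "r-2"},  # suspended user still holds prod-admin
    {"account_id": "a-9", "role_id": "r-1"},  # references an account that does not exist
]

if __name__ == "__main__":
    rows, findings = build_access_inventory(SAMPLE_ACCOUNTS, SAMPLE_ROLES, SAMPLE_ATTACHMENTS)
    print(inventory_to_csv(rows))
    for f in findings:
        print("FINDING:", f)
```

To run it against a live organization, replace the sample arguments with the tuple returned by fetch_from_strongdm(); keeping the SDK call separate from the join means the same report logic can be pointed at any other export of the same three lists, and the sorted output lets two inventories from different dates be diffed as change evidence.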