SOC2

How Much Does It Cost to Get a SOC 2 Report?

Maybe you've been asked to provide a SOC 2 report as part of the sales cycle, or you anticipate you will need SOC 2 compliance at some point. You're wondering how much time and money you must budget to become SOC 2 compliant.  

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

Four Compliance Standards that can Accelerate Your Sales Team

Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors to do so. For this reason, compliance with specific cybersecurity standards becomes another way to

Read More

SOC2, Security Program

Three Indicators Your Startup should be SOC 2 Compliant

A System and Organization Controls 2 (SOC 2) compliant report is an industry-recognized standard for demonstrating the efficacy of information systems. It is one of the most requested credentials by prospective clients when screening IT services

Read More

SOC2, vCISO

The Meaning of SOC from the AICPA

What does SOC mean and why does it matter? How did a CPA organization come to audit information systems for cybersecurity and privacy controls? Spoiler alert. The acronym SOC currently means System and Organization Controls, but that wasn't always

Read More

SOC2, Security Program

The Four Essential Elements of SOC 2 Type 2 Compliance

The Type 2 audit measures your organizations’ ability to maintain security, availability, processing integrity, privacy, and confidentiality operationally over time. A SOC 2 Type 2 investment helps build resiliency into your business.

Read More

SOC2, CISO, vCISO, Security Program

vCISO - Stories from the Trenches

Disasters, heroics, funny stories, and impacts to business success  Nate Hartman describes a six-month stint as an acting CISO or virtual CISO (vCISO) at a fast-paced Silicon Valley tech company.  

Read More

SOC2, CISO, vCISO, Security Program

What are the SOC 2 Trust Services Criteria?

The SOC 2 Trust Services Criteria (TSCs) for information technology, is a framework for designing, implementing and evaluating information system controls. The purpose of controls is to ensure your information system can meet its objectives. The

Read More

SOC2, CISO, vCISO, Security Program

Understanding the Business Value of SOC 2 Compliance

System and Organizational Controls 2 (SOC 2) is sometimes known as Service Organization Controls. Maintained by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a standard for auditing and reporting on the efficacy of

Read More

SOC2, CISO, vCISO, Security Program, Risk Assessment

Bridging the gap between CISOs

Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ransomware and cyberthreats, the role of Chief Information Security Officer (CISO) has become critical to

Read More

SOC2, CISO, vCISO, Security Program

Using a vCISO Service to Achieve and Retain a SOC 2 Certification

CSO Online, which knows plenty about what goes into ensuring security, makes a strong case for hiring a virtual Chief Information Security Officer (vCISO). It notes that fulltime CISOs “can be hard to come by, often stay in their job for two years

Read More