Blog

SOC2

How Much Does It Cost to Get a SOC 2 Report?

Maybe you've been asked to provide a SOC 2 report as part of the sales cycle, or you anticipate you will need SOC 2 compliance at some point. You're wondering how much time and money you must budget to become SOC 2 compliant.  

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

Four Compliance Standards that can Accelerate Your Sales Team

Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors to do so. For this reason, compliance with specific cybersecurity standards becomes another way to

Read More

SOC2, Security Program

Three Indicators Your Startup should be SOC 2 Compliant

A System and Organization Controls 2 (SOC 2) compliant report is an industry-recognized standard for demonstrating the efficacy of information systems. It is one of the most requested credentials by prospective clients when screening IT services

Read More

SOC2, vCISO

The Meaning of SOC from the AICPA

What does SOC mean and why does it matter? How did a CPA organization come to audit information systems for cybersecurity and privacy controls? Spoiler alert. The acronym SOC currently means System and Organization Controls, but that wasn't always

Read More

SOC2, Security Program

The Four Essential Elements of SOC 2 Type 2 Compliance

The Type 2 audit measures your organizations’ ability to maintain security, availability, processing integrity, privacy, and confidentiality operationally over time. A SOC 2 Type 2 investment helps build resiliency into your business.

Read More

SOC2, CISO, vCISO, Security Program

vCISO - Stories from the Trenches

Disasters, heroics, funny stories, and impacts to business success  Nate Hartman describes a six-month stint as an acting CISO or virtual CISO (vCISO) at a fast-paced Silicon Valley tech company.  

Read More

SOC2, CISO, vCISO, Security Program

What are the SOC 2 Trust Services Criteria?

The SOC 2 Trust Services Criteria (TSCs) for information technology, is a framework for designing, implementing and evaluating information system controls. The purpose of controls is to ensure your information system can meet its objectives. The

Read More

SOC2, CISO, vCISO, Security Program

Understanding the Business Value of SOC 2 Compliance

System and Organizational Controls 2 (SOC 2) is sometimes known as Service Organization Controls. Maintained by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a standard for auditing and reporting on the efficacy of

Read More

SOC2, CISO, vCISO, Security Program, Risk Assessment

Bridging the gap between CISOs

Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ransomware and cyberthreats, the role of Chief Information Security Officer (CISO) has become critical to

Read More

PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Program Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, the “Apps” (applications) on mobile devices, and internally for the web

Read More