SOC 2

Discussions, questions, and answers around SOC 2.

  • 6 Topics
  • 4 Replies

6 Topics

Helina Medhin
Helina MedhinCommunity Manager
posted in SOC 2

Let's talk continuous compliance. What is it? How do you achieve it?

Compliance audits are chaos engines. Every six to 12 months, people get pulled from their core duties. Newly discovered compliance gaps send everyone scrambling for fixes. With deadlines approaching, the best fix takes a back seat to the quickest fix. Audit complete, everyone returns to their jobs. But who knows what issues are simmering beneath the surface?Seasonal chaos is not the path to compliance. Automation opens a more sustainable course. This article will explain how continuous compliance is a less disruptive option—especially for today’s cloud-based architectures. Read the full article here, and comment below 👇  how you achieve continuous compliance. 

0
Helina Medhin
7 days ago
Helina Medhin
Helina MedhinCommunity Manager
posted in SOC 2

A Quick-Start Guide of the SOC 2 System Description

The SOC 2 system description describes the boundaries of your SOC 2 report and includes important information about the people, processes, technology, and controls that support your service or product. Check out this article that walks you through our recommendations to help make producing this document a smooth process. 

0
Helina Medhin
7 days ago
readteamblueteam
readteamblueteamNew Participant
asked in SOC 2

When do you start?

Hey thanks for creating a home for this. I Have a background in IT and helping a start-up but am curious about GRC. At what point does it make sense to go after SOC 2 Type 1?

4
C
2 months ago
Helina Medhin
Helina MedhinCommunity Manager
posted in SOC 2

Here’s everything you need to know about cybersecurity ROI

Security improvements get approved faster when CISOs speak the board’s language. Check out our latest and comment below on everything you need to know about cybersecurity ROI.

0
Helina Medhin
2 months ago
Elliot at Drata
Elliot at DrataDrata Creative Lead
posted in SOC 2

Advice from Troy Fine on working with auditors

Our cybersecurity compliance expert @Troy_Fine shared on LinkedIn a great post about the different aspects that can impact your experience during an audit, and we wanted to be sure you all didn’t miss it. Some may not be aware, but your experience during an information security audit such as SOC 2, ISO 27001, PCI, HITRUST, and CMMC can be significantly influenced by the following:-Auditor Rigor:Some standards make the rigor more consistent, but SOC2 and ISO 27001 give the auditor/certification body much more leeway. Not all auditors will require the same amount/type of evidence to conclude on a control/requirement being met.-Auditor Sample Size Methodology:Standards typically allow auditors to determine the sample size for testing controls based on their own internally developed methodology. This methodology could cause you to have to provide more samples from one firm to the another.-Auditor Competency:Your auditor may not understand your technology, especially when it comes to the cl

0
Elliot at Drata
7 months ago
Elliot at Drata
Elliot at DrataDrata Creative Lead
posted in SOC 2

Kicking off our SOC 2 101 Series

Hi all, and welcome to Secured! We are excited that you are here and interested in learning more about the SOC 2 process. To kick our community off and set you off on the right path, one of our compliance experts, Troy Fine, created a new series that highlights some of the most basic information that you’ll want to know prior to getting started. You can check out all five episodes on our Compliance 101 blog here Have questions? Feel free to start new threads in this part of the community.

0
Elliot at Drata
8 months ago

Badge winners

Show all badges
Terms & ConditionsCookie settings