Discussions, questions, and answers around SOC 2.
Let's talk continuous compliance. What is it? How do you achieve it?
Compliance audits are chaos engines. Every six to 12 months, people get pulled from their core duties. Newly discovered compliance gaps send everyone scrambling for fixes. With deadlines approaching, the best fix takes a back seat to the quickest fix. Audit complete, everyone returns to their jobs. But who knows what issues are simmering beneath the surface?

Seasonal chaos is not the path to compliance. Automation opens a more sustainable course. This article will explain how continuous compliance is a less disruptive option, especially for today's cloud-based architectures. Read the full article here, and comment below 👇 how you achieve continuous compliance.
A Quick-Start Guide to the SOC 2 System Description
The SOC 2 system description describes the boundaries of your SOC 2 report and includes important information about the people, processes, technology, and controls that support your service or product. Check out this article that walks you through our recommendations to help make producing this document a smooth process.
Advice from Troy Fine on working with auditors
Our cybersecurity compliance expert @Troy_Fine shared on LinkedIn a great post about the different aspects that can impact your experience during an audit, and we wanted to be sure you all didn't miss it. Some may not be aware, but your experience during an information security audit such as SOC 2, ISO 27001, PCI, HITRUST, and CMMC can be significantly influenced by the following:
- Auditor Rigor: Some standards make the rigor more consistent, but SOC 2 and ISO 27001 give the auditor/certification body much more leeway. Not all auditors will require the same amount/type of evidence to conclude on a control/requirement being met.
- Auditor Sample Size Methodology: Standards typically allow auditors to determine the sample size for testing controls based on their own internally developed methodology. This methodology could mean you have to provide more samples to one firm than to another.
- Auditor Competency: Your auditor may not understand your technology, especially when it comes to the cl
Kicking off our SOC 2 101 Series
Hi all, and welcome to Secured! We are excited that you are here and interested in learning more about the SOC 2 process. To kick our community off and set you off on the right path, one of our compliance experts, Troy Fine, created a new series that highlights some of the most basic information that you'll want to know prior to getting started. You can check out all five episodes on our Compliance 101 blog here. Have questions? Feel free to start new threads in this part of the community.