How to Leverage your GRC Platform for SOC 2 Compliance

Service Organization Control (SOC) reports have become increasingly important to information security and compliance since the American Institute of CPAs (AICPA) introduced them in 2011. This is particularly true of SOC 2, whose trust services criteria cover availability, confidentiality, privacy, processing integrity, and security, or Read more…

FedRAMP Impact Levels Low, Moderate, and High. What’s the Difference?

Updated April 16, 2020 Becoming certified under the Federal Risk and Authorization Management Program (FedRAMP) is a costly and resource-intensive undertaking. Obtaining certification and continually staying in compliance can have a major impact on your business as a Cloud Service Provider (CSP). To lessen the cost and time involved, FedRAMP uses a “do once, use many times” Security Assessment Read more…

Top Three Stakeholders in the FedRAMP Process

While cloud solutions have made it possible to run computer systems more efficiently and effectively, the federal IT infrastructure has had a hard time adopting this innovation. Saddled with redundant, time-consuming, costly, and inefficient systems, the federal government has found it hard to secure its IT systems without throwing hundreds of millions of dollars down Read more…

4-Step Guide to Performing an ISO 27001 Risk Analysis

Performing a risk assessment is a central part of the ISO 27001 process for implementing an ISMS (Information Security Management System). How could you protect any environment without being fully aware of the threats it faces, its level of exposure, and variables such as the likelihood of occurrence and the estimated level of impact? Understanding all Read more…

ISO 27001 A.18.1.1: How to satisfy Legal, Regulatory, Contractual, and other requirements

From an information security management point of view, complying with applicable laws, regulations, and contractual obligations can be as much of a challenge as dealing with the ever-evolving threat landscape and new forms of attack. What many organizations fail to understand is that both are equally important. Mandatory requirements can come in the form Read more…

Top 7 Ways GDPR Affects Your Organization

If there is one thing the last couple of years have made clear, it is the lack of respect for personal data privacy: companies with inadequate security controls that lead to improper handling of sensitive information, businesses that profit by selling their clients’ information, and even government agencies that like to play Big Brother. At Read more…

How to Manage the 2016 SOC 2 Content Update

In our ever-changing technological and corporate environment, it is only natural for standards and best practices to receive regular updates that incorporate both corrections and improvements. That is what recently happened to the American Institute of Certified Public Accountants (AICPA) criteria for the Trust Services Principles (TSP) with the release of a SOC 2 Content Read more…