Many people wonder: does an SSAE 18 SOC 2 assessment require a penetration test? The answer is a resounding “no.” That being said, there are many good reasons to conduct regular penetration testing. Coordinating that testing with other audit functions promotes economies of scale and may even help with responses to those audits. (NOTE: If […]
Does SOC 2 Require a Penetration Test? Not Really. Read More »
Most startups only consider SOC 2 certification after a request from a new or potential new client. At that point there’s a decision to make: Will the time and money spent on attaining SOC 2 certification be worth the revenue it creates in new business? Having worked as a CISO across multiple industries, I’ve managed
Insider’s Guide to SOC 2 for Startups: Is it Really Worth It? Read More »
Navigating the SOC audit process can be daunting. There are a few options for audits and while the standards are consistent among auditors, each auditor has their own unique style for conducting the audit. In this article, I’m going to break down the primary distinctions between a SOC 2 Type 1 vs Type 2 audit.
SOC 2 Type 1 vs Type 2: How to Decide Which is Right Read More »
A SOC 2 readiness assessment, like other kinds of readiness assessments, highlights an organization’s ability to succeed in an assessment against a framework baseline. Readiness assessments are particularly helpful in driving cost savings for assessments, but take time and effort to conduct. In this article, I’ll outline what a SOC 2 readiness assessment is and
Is a SOC 2 Readiness Assessment Worth It? Comparing Costs & Benefits Read More »
SOC 2 certifications are a must for many businesses in 2023 and a nice-to-have for many others. It’s become a defacto measure of economic and cybersecurity health because of the quality and extent of the review, and the easy snapshot it provides into organizational, financial, and cybersecurity health. Unfortunately, working out your organization’s potential SOC
How Much SOC 2 Certification Costs Will Depend on 6 Factors Read More »
If you’ve reached this page you’re likely wondering: how do I provide independent verification and validation of my organization’s security controls? Both HITRUST certification and a SOC 2 assessment are great ways to accomplish that need. Both accomplish that in completely different ways: In this article, I’ll provide some opinions about why you’d choose one
HITRUST vs SOC 2: Costs vs Benefits Compared Read More »
Determining what certification your organization should pursue can be a challenge, it’s important to know what standard will best suit your organization and why. ISO 27001 and SOC 2 are top choices to be able to prove that your organization is cyber resilient, but which one is best and why? SOC 2 and ISO 27001
ISO 27001 vs SOC 2: 6 Key Differences Explained Read More »
