We learned so much passing SOC 2 Type 2 that we compiled it into the best SOC 2 compliance checklist! SOC 2 compliance is as unique to your business as a fingerprint, which is why there isn’t an official SOC 2 compliance checklist issued by the AICPA. But you can take our SOC 2 audit … The Best SOC 2 Compliance Checklist: What We Learned Passing SOC 2 Type 2
We put together a beginner’s guide to today’s top federal agency frameworks to help you avoid the information overload that comes with searching the web. That’s a genuine possibility given the excess of acronyms and the abundance of data out there. Having everything in one place to support you on your compliance journey just makes sense. Frameworks can be … A Beginner’s Guide to Today’s Top Federal Agency Frameworks
According to the latest Gartner research, cybersecurity and regulatory compliance are the two biggest concerns of today’s corporate boards. A growing number of companies are choosing to adopt a trusted security framework, and ISO 27001, as a globally recognized certification, is the framework of choice for many. In fact, ISO 27001 saw a 24.7% increase … How Much Does ISO 27001 Cost?
Today’s compliance H2H features HIPAA vs HITRUST. If you’re looking to understand how these two healthcare frameworks stack up against one another, then you’ve definitely come to the right place. Okay, let’s get this party started. What Is HIPAA? We’ve already written a fairly comprehensive primer on HIPAA. That said, if you’re strapped for time, … HIPAA vs HITRUST Compliance: What’s the Difference?
In this article, we condense unbiased, expert research from Fractional CISO highlighting three core SOC 2 challenges that software can help solve, and nine key points to consider when evaluating SOC 2 software vendors. Few people know more about SOC 2 compliance software than Rob Black. As the founder of Fractional CISO, he has fielded … Secrets to Selecting the Right SOC 2 Vendor
Everyone is searching for a simplified SOC 2 experience, but there’s some confusion about what can and can’t be automated for SOC 2. It’s not something that can be 100 percent hands-free. Reducing your number of daily decisions is a form of automation. It’s how you streamline processes, limit distractions and save time and manpower. … What Can and Can’t Be Automated for SOC 2
Welcome to the third and final installment of Tugboat Logic’s ISO 27001 Bootcamp series. In the first and second installments, we looked at how to scope the audit project, implement ISO 27001 clauses and understand Annex A Controls. In part three we look at the external audit process with the help of Chris Denton, Manager, … ISO 27001 Bootcamp Part 3: The Audit Process
After plunging into the pandemic in 2020, people’s expectations for 2021 were not very high. COVID-19 was still running rampant, vaccine rollouts started and stopped too many times to count and after a year of remote work, no one could crack the code for which Zoom meetings could have been emails. Maybe it was the … 2021: A Year in Review
Welcome to the second installment of Tugboat Logic’s ISO 27001 Bootcamp series. In part 1, we covered mandatory clauses, one of two parts of the framework. In part 2, we examine the second part—Annex A controls. Tugboat’s Director of InfoSec Risk and Compliance, Jitendra Juthani, recently led a webinar on Annex A controls, and we … ISO 27001 Bootcamp Part 2: Understanding Annex A Controls
HIPAA is so hot right now. Everybody’s talking about it. And it seems like everybody’s an expert on it too. But don’t believe everything you’ve heard. Most of it is flat out wrong. For instance, vaccine passports aren’t a HIPAA violation. Nor are mask mandates. HIPAA doesn’t cover free speech, either (that’s the First Amendment, … What Is HIPAA Compliance?
We all know financial institutions and credit unions need to be cyber secure. That’s not a surprise to anyone in 2021. But cybersecurity is a moving target and is often difficult to establish in organizations with numerous departments, processes and vendors. That’s why the Federal Financial Institutions Examination Council (FFIEC) built the Cybersecurity Maturity Assessment. … Introducing FFIEC Maturity Assessment Support
In a world where data flows everywhere constantly, it’s important to check all the data protection and security boxes, so we’ve put together some tips and tricks to help you build your own GDPR toolkit and checklist. The General Data Protection Regulation (GDPR) is the EU’s data protection law, and it applies to any organization that processes the personal data of people in the EU, wherever that organization is based. Developed by the EU, … The Best GDPR Toolkit and Checklist