Why Should Your Employees Sign a Policy Acknowledgment Form?

by Tori Thurmond / January 17, 2024

What does it mean for your employees to acknowledge your policies and procedures? Information security standards require every employee to formally acknowledge the policies in place at your organization, typically through a policy acknowledgment form covering documents such as your information security policies and employee handbook. Policy acknowledgment forms are an important piece of the puzzle when it comes to policy development and…

How to Manage AWS Access Keys and AWS Identities Securely

by Hannah Grace Holladay / January 30, 2024

Information security in the cloud depends on properly managing secrets, including AWS access keys. Authorized users and code must authenticate before they can use cloud resources. That authentication relies on shared secrets, and shared credentials create security vulnerabilities, especially when they are handled carelessly by embedding them in application code. Embedding AWS access keys in code seems an efficient solution when, for example, your code needs to interact with the S3 API to store…
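The mistake the excerpt describes, and a check for it, as an added example that is not part of the article or of any AWS tooling: a constructed source snippet with hard-coded long-term keys (the values are AWS's published documentation examples, not live credentials), a scanner that flags them before they reach a repository, and the environment-based loader you would use instead of string literals. The key ID prefixes AKIA (long-term IAM user keys) and ASIA (temporary STS keys) are AWS's real formats; the 40-character secret-key pattern is a heuristic, and the function names are assumptions made for this example.

```python
import os
import re

# Constructed sample source file: the anti-pattern the article warns about.
# The key values are AWS's documented placeholders, embedded here for the scan.
SAMPLE_SOURCE = '''
import boto3

# Long-term IAM user credentials pasted straight into the code base.
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

s3 = boto3.client("s3",
                  aws_access_key_id=AWS_ACCESS_KEY_ID,
                  aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
'''

# AKIA = long-term IAM user key ID, ASIA = temporary STS key ID; both are
# 20 characters of upper-case letters and digits.
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")

# Heuristic (assumption): a secret access key is a 40-character base64-like
# literal assigned to something named like aws_secret_access_key.
SECRET_KEY_RE = re.compile(
    r"""(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['"]([A-Za-z0-9/+=]{40})['"]"""
)


def find_embedded_keys(source: str):
    """Return (line_number, kind, value) for every credential literal found.

    Runs over a source string so it can be wired into a pre-commit hook or
    CI gate; an empty list means nothing was flagged.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "access_key_id", m.group(0)))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "secret_access_key", m.group(1)))
    return findings


def redact(key: str) -> str:
    """Mask a key for log output, keeping only the prefix and last 4 chars."""
    if len(key) <= 8:
        return "*" * len(key)
    return key[:4] + "*" * (len(key) - 8) + key[-4:]


def load_credentials_from_env(env=None):
    """Hardened counterpart: read credentials from the runtime environment
    rather than from a literal in the repository, and fail closed if they
    are absent. On EC2, ECS or Lambda the better option is to set nothing
    here at all and let the SDK's default credential chain use the IAM role.
    """
    env = os.environ if env is None else env
    key_id = env.get("AWS_ACCESS_KEY_ID")
    secret = env.get("AWS_SECRET_ACCESS_KEY")
    if not key_id or not secret:
        raise RuntimeError("AWS credentials were not provided by the environment")
    return key_id, secret


if __name__ == "__main__":
    for lineno, kind, value in find_embedded_keys(SAMPLE_SOURCE):
        print(f"line {lineno}: embedded {kind} {redact(value)}")
```

In a CI gate, a non-empty result from find_embedded_keys should fail the build and trigger rotation of the flagged key, since a key that has been committed should be treated as exposed even if the commit is later rewritten.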

The Ultimate Vendor Due Diligence Checklist

by Hannah Grace Holladay / February 14, 2024

Vetting and choosing vendors are some of the most important decisions you’ll make for your business, especially when it comes to information security. They could do everything from run your call center to store your data, monitor your systems, or destroy your records. Yes, you can outsource a process or a department to vendors – but you can never outsource risk. No matter the vendor, they pose some level of…

What You Need to Know About the ISO 27001 Revisions: A Webinar Recap

by Tori Thurmond / March 21, 2024

In October 2022, the latest revision of the ISO 27001 standard was published. Although there is still time to transition to the revised standard, the process can feel overwhelming and the changes can seem confusing. That’s why we partnered with SDG for a webinar covering what you need to know about the ISO 27001 revision. During the webinar, one of our expert auditors, Chris Paradise, and SDG’s Managing…

5 Internal Control Components using COSO Principles

by Joseph Kirkpatrick / January 15, 2024

Implementing Internal Controls for SOC 1 Compliance

When an organization pursues SOC 1 compliance, it will be tested against the COSO Internal Control – Integrated Framework. This framework is one of the most common frameworks used to design, implement, maintain, and evaluate internal controls. To successfully complete a SOC 1 audit, an organization needs to meet the three objectives of internal control, demonstrate that it has the five components…