SOC 2 Academy: Detect and Monitor Changes in Your System Configurations

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.1 When an organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.1 says, “To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.” What…

SOC 2 vs. ISO 27001: Which Audit Do You Need?

by Sarah Harvey / June 14, 2023

SOC 2 and ISO 27001 audits are similar in intention; they both help organizations protect the data that they are responsible for. How are they different, though, and which one meets your organization’s needs? What is a SOC 2 Audit? A SOC 2 audit evaluates internal controls, policies, and procedures that directly relate to the AICPA’s Trust Services Criteria. This means that a SOC 2 audit report focuses on a…

Privacy vs. Security: What’s the Difference?

by Sarah Harvey / February 20, 2023

Privacy and security are terms that are often believed to be synonymous, but they’re actually quite different. Understanding what that difference is plays a key role in ensuring that your organization maintains a strong security posture, while also performing your due diligence to protect your customers’ sensitive data. In this webinar, our Director of Regulatory Compliance, Mark Hinely, discusses the differences between privacy and security, why understanding the difference matters,…

Privacy Policies Built for CCPA Compliance

by Sarah Harvey / December 16, 2022

Updating Your Privacy Policy for CCPA Compliance If 2018 was the year spent anticipating the GDPR enforcement deadline, 2019 will be the year US states begin enforcing their own data privacy laws. While the California Consumer Protection Act (CCPA) isn’t the first US data privacy law to go into effect, it has certainly gained more attention than others. This could largely be in part because of its similarities to GDPR,…

SOC 2 Academy: Change Control Processes

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.8 While understanding how to prevent and detect unauthorized software from being installed on your network is important, organizations pursuing SOC 2 compliance should also implement change control processes to mitigate any further risks of unauthorized software being installed. When an organization engages in a SOC 2 audit, an auditor will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria.…