Blog

Privacy vs. Security: What’s the Difference?

by Sarah Harvey / February 20, 2023

Privacy and security are terms that are often believed to be synonymous, but they’re actually quite different. Understanding what that difference is plays a key role in ensuring that your organization maintains a strong security posture, while also performing your due diligence to protect your customers’ sensitive data. In this webinar, our Director of Regulatory Compliance, Mark Hinely, discusses the differences between privacy and security, why understanding the difference matters,…

Privacy Policies Built for CCPA Compliance

by Sarah Harvey / December 16, 2022

Updating Your Privacy Policy for CCPA Compliance If 2018 was the year spent anticipating the GDPR enforcement deadline, 2019 will be the year US states begin enforcing their own data privacy laws. While the California Consumer Protection Act (CCPA) isn’t the first US data privacy law to go into effect, it has certainly gained more attention than others. This could largely be in part because of its similarities to GDPR,…

SOC 2 Academy: Change Control Processes

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.8 While understanding how to prevent and detect unauthorized software from being installed on your network is important, organizations pursuing SOC 2 compliance should also implement change control processes to mitigate any further risks of unauthorized software being installed. When an organization engages in a SOC 2 audit, an auditor will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria.…

SOC 2 Academy: Preventing and Detecting Unauthorized Software

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.8 During a SOC 2 audit, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.8. Common criteria 6.8 says, “The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.” What…

SOC 2 Academy: Access Controls for Remote Employees

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.7 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.7. Common criteria 6.7 says, “The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission,…

Privacy vs. Security: What’s the Difference?

Privacy Policies Built for CCPA Compliance

SOC 2 Academy: Change Control Processes

SOC 2 Academy: Preventing and Detecting Unauthorized Software

SOC 2 Academy: Access Controls for Remote Employees

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.