Privacy Policies Built for CCPA Compliance

by Sarah Harvey / December 16, 2022

Updating Your Privacy Policy for CCPA Compliance

If 2018 was the year spent anticipating the GDPR enforcement deadline, 2019 will be the year US states begin enforcing their own data privacy laws. While the California Consumer Protection Act (CCPA) isn’t the first US data privacy law to go into effect, it has certainly gained more attention than others. This could be in large part because of its similarities to GDPR,…

SOC 2 Academy: Change Control Processes

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.8

While understanding how to prevent and detect unauthorized software from being installed on your network is important, organizations pursuing SOC 2 compliance should also implement change control processes to mitigate any further risks of unauthorized software being installed. When an organization engages in a SOC 2 audit, an auditor will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria.…

SOC 2 Academy: Preventing and Detecting Unauthorized Software

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.8

During a SOC 2 audit, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.8. Common criteria 6.8 says, “The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.” What…

SOC 2 Academy: Access Controls for Remote Employees

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.7

During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.7. Common criteria 6.7 says, “The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission,…

The Dangers of End-of-Support Operating Systems

by Sarah Harvey / June 14, 2023

Computer hardware and software are not built to last forever. End-of-support operating systems are one of the most common vulnerabilities discovered on enterprise networks. Why? Typically, it’s for one of two reasons. First, the organization could just lack a refresh of technology. But end-of-support vulnerabilities could also occur because organizations need legacy software that will only function on an older operating system. Here's some end-of-support guidance for common…