Security Awareness Training

๐€๐ฅ๐ฅ ๐ž๐ฆ๐ฉ๐ฅ๐จ๐ฒ๐ž๐ž๐ฌ ๐ฆ๐ฎ๐ฌ๐ญ ๐œ๐จ๐ฆ๐ฉ๐ฅ๐ž๐ญ๐ž ๐ญ๐ก๐ž ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐š๐ฐ๐š๐ซ๐ž๐ง๐ž๐ฌ๐ฌ ๐ญ๐ซ๐š๐ข๐ง๐ข๐ง๐  ๐ฐ๐ข๐ญ๐ก๐ข๐ง ๐Ÿ‘๐ŸŽ ๐๐š๐ฒ๐ฌ ๐จ๐Ÿ ๐จ๐ง๐›๐จ๐š๐ซ๐๐ข๐ง๐  ๐š๐ง๐ ๐š๐ง๐ง๐ฎ๐š๐ฅ๐ฅ๐ฒ ๐ญ๐ก๐ž๐ซ๐ž๐š๐Ÿ๐ญ๐ž๐ซ.Sound familiar? Despite being a hard requirement and many organizations spending thousands of dollars on implementing the Learning Management System (LMS), tracking completion rates, and sometimes enforcing sanctions for not completing the training – this has always been a point…

Compliance ≠ Security

As we enter the new year, many of us will start the annual third-party attestations. It's important to remember that holding a third-party attestation provides a baseline assurance on the effective implementation of management, operational, and technical controls. Compliance demonstrated by a clean SOC 2 report, ISO 27001 certification, HITRUST certification, etc. does not equate to…

12 must-have policies and procedures for ISO 27001 & SOC 2 audit

As we discussed in an earlier post, the primary requirement for a SOC 2 audit is when a company provides services to a third party. As per the AICPA, the SOC 2 consists of the following Trust Services Principles (TSPs): Security (also known as Common Criteria), Availability, Processing Integrity, Confidentiality, and Privacy. The scope for each…

Why do we need Governance Frameworks, SOC 2 Audits, & Compliance?

Yesterday I met my previous roommate who’s a Computer Science nerd and recently completed his internship at one of the best tech companies in the Valley. We met after a long time and soon after discussing how we’ve been, he asked about my work. I told him – “I am currently working on the Governance…