May 10, 2022

7 reasons a traditional GRC tool is not enough

[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage...
May 9, 2022

The Rise and Fall of SOC 2 audits

[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2...
February 23, 2022

Who owns data?

[4 min read] Data ownership is a complicated topic, much more complicated than most might think. We often talk about data security in possessive...
February 7, 2022

Do you know where your data is?

[5 min read] And who has access to it? When I talk to CEOs and security professionals about data security, the one question that continually trips...
December 3, 2021

How to Prepare for a SOC 2 Audit

[4 min read] Security standards, reports, and certifications are becoming essential for vendors and technology firms. Certifications, such as SOC 2,...
July 13, 2021

Why preparing for a SOC audit takes more than 2 weeks

[4 min read] Have you ever wished you could run a marathon? I have run a few and I can tell you it is hard work and takes a lot of training just to...
June 11, 2020

Renewing your SOC 2 could be easier than you think!

Security certifications are a must for vendors and technology firms. Many organizations choose SOC 2 as a way of demonstrating effective risk...
October 11, 2019

Why do auditors need to remain independent?

Recent news that PwC (PricewaterhouseCoopers LLP) has agreed to pay US$7.9 million in fines to settle U.S. Securities and Exchange Commission charges...
September 27, 2019

How To Choose a SOC 2 Auditor: 6 Questions to Ask

When you begin planning for a SOC 2 audit, one of the first big decisions is choosing an external audit firm. You want a firm who can help you...
September 10, 2019

Measuring the ROI of a SOC 2 Audit

As many companies - and their vendors - are moving data to the cloud, there are often concerns about the security of their sensitive information. In...
August 15, 2019

5 Trust Service Criteria of a SOC 2 Report

A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are...
August 5, 2019

SOC 2 vs. SOC 1 or SOC 3: Which SOC Report Do I Need?

A Systems and Organizational Controls (SOC) report provides guidance on standards that should be used for operational and technological business...
March 19, 2018

How to Prepare for a SOC 2 Audit

Security certifications are fast becoming need-to-haves for vendors and technology firms. Certifications, such as SOC 2, can offer a cost-efficient...
May 25, 2017

What is a SOC Report? Do I Need One?

SOC stands for Service Organizational Control. There are three types of SOC reports, but we’ll focus on the second one, which is “designed for the...