How should an organization approach PCI compliance in the cloud? We’ll answer this question and address key concepts for implementing and maintaining cloud environments that live up to the PCI [...]
What is PCI’s perspective on Business Continuity? Here is an overview on Business Continuity as described through the lens of the PCI DSS v3.2.1. Business Continuity is tied to Incident [...]
How should a company think about PCI Scope and Segmentation? For companies looking to identify and reduce the scope of their PCI environment, through network segmentation, it is necessary to [...]
Maintain Compliance From our experience working with high-growth technology companies subject to a myriad of compliance obligations, maintaining security and privacy compliance initiatives throughout the year is a prominent challenge [...]
How can you ensure success for your company’s SOC 2 initiative? Here are 5 Steps to SOC 2 success – best practices and lessons learned from the field! I have [...]
Check out our webinar from Christian White and Christian Hyatt in which they cover the basics of SOC 2 reporting, what to expect during a SOC 2 audit, and why [...]
Are Pen Tests and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report. Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Points of Focus, intended to align SOC 2 with the 2013 COSO framework.
Overview of the SOC for Cybersecurity In 2017 the AICPA published guidance on a new cyber security risk management examination, System and Organization Controls for Cyber Security (SOC for Cybersecurity). [...]