HITRUST: Single Framework Strategy
Many organizations are in search of ways to streamline their compliance efforts. See how the HITRUST CSF can enable a “Single Framework Strategy” that simplifies security and compliance programs. Challenges [...]
The AICPA-designated SOC 2 framework is used to express an opinion on controls over security, privacy, availability, confidentiality, and processing integrity for many different systems, organizations, and environments. In addition [...]
A GRC tool can provide many benefits to your GRC program, as we’ve discussed before. However, before you go chasing shiny objects, you must understand what a GRC program is [...]
So, you’ve been tasked with providing evidence for an audit. You may be wondering what your auditor is even looking for. Let’s take a look behind the scenes at why [...]
A GRC tool can help an organization manage its governance, risk, and compliance program. But why use a GRC tool instead of managing your GRC program manually? GRC tools can [...]
Virginia’s Consumer Data Privacy Act (“VCDPA” or “the Act”) is the newest state privacy law in the U.S. In this blog, we will examine who is subject to the Act [...]
How should a company think about PCI Scope and Segmentation? For companies looking to identify and reduce the scope of their PCI environment, through network segmentation, it is necessary to [...]
In this blog, we’ll dive into one of the most important parts of a SOC 2 report, the SOC 2 System Description! During your due diligence process, a vendor sends [...]
Do your business continuity plans account for your company’s compliance and regulatory requirements? For many, the answer to that question is “no”. An unfortunate reality encountered by companies across the [...]
Maintain Compliance From our experience working with high-growth technology companies subject to a myriad of compliance obligations, maintaining security and privacy compliance initiatives throughout the year is a prominent challenge [...]