SOC 2 Compliance and Hybrid Workstyles

The COVID pandemic and the Great Resignation have led to extensive upheaval in workforces and workplaces. Some workers are returning to revised workplaces and schedules. Some are working from home and may do so indefinitely. How can you best achieve and maintain continuous SOC 2 compliance in the face of these seismic shifts?

Zero Trust and SOC 2

Zero-Trust: How SOC 2 Compliance Can Help

The Cloud Security Alliance (CSA) has released the first in a series of research summaries culled from a survey about the adoption of so-called zero-trust cybersecurity principles. The results of that survey indicated that achieving and sustaining SOC 2 compliance can help ease, speed and spread adoption of zero-trust across almost any SMB or emerging enterprise.

SOC 2 Controls: Regular User Access Reviews

This SOC 2 control focuses on ensuring your company regularly reviews who has access to critical IT infrastructure. For this control, your company must log these reviews and take action to resolve any access issues discovered during a review.
There are many ways to word such a control, and you should work with your auditor to find the precise wording for your company. The control’s wording must be precise, concise, and authoritative.


SOC 2 Controls: Encryption of Data at Rest

Understanding controls is integral to the completion and success of your SOC 2 audit. This first entry in a series of blog posts on controls dives deep into the Encryption of Data at Rest control, which is pivotal for protecting stored data within companies. Learn why this control matters, who it affects and more.
