If you’re part of a startup, you know you face many of the same challenges as your larger and more established counterparts. And you also know that unlike those other companies, you must address these challenges with fewer resources than they have.
Read about the latest enhancements to Trustero Compliance as a Service, including new AI-powered features and ISO 27001 support.
As a leader of a small or mid-sized business (SMB), you may be happy with your current state. However, while not every SMB leader wants to become the next Amazon or Walmart, many do have plans for growth. Here’s how SOC 2 compliance can help those emerging enterprises with those plans.
David has more than 16 years’ experience in compliance and information security, making him a trusted expert. In an Everything Compliance interview, he shared some of the fruits of that experience with Trustero Vice President of Marketing and Business Development Kimberly Rose. This post presents some highlights from that conversation.
This is part two of highlights from our interview with compliance and audit expert Bert Friedman of Nearside. He gives insight into how best to tackle SOC 2 compliance and when to get started as a small business.
This SOC 2 control focuses on ensuring your company regularly reviews who has access to critical IT infrastructure. For this control, your company must log these reviews and take any actions to resolve any access issues discovered during a review.
There are many ways to word such a control, and you should work with your auditor to find the precise wording for your company. The control’s wording must be precise, concise, and authoritative.
The global coronavirus pandemic, the Great Recession, and the Great Resignation have significantly disrupted staffing at all levels at many organizations. These issues could also derail or halt your SOC 2 compliance journey. Here are 4 steps to preparing and mitigating personnel problems:
1) Capture relevant institutional knowledge before it leaves
2) Get your policies together
3) Keep all documentation current
4) Get compliance automation software
This Q&A session was pulled from a recent episode of Everything Compliance featuring Bert Friedman. Bert Friedman is Head of Compliance at business banking startup Nearside and former Vice President of Compliance for the Financial Intelligence Unit of Chicago’s Community Choice Financial, Inc. Learn what Bert has to say about dealing with auditors and common SOC 2 compliance misconceptions.
This SOC 2 control focuses on ensuring the timely removal of access rights from users who have been terminated and those who have been transferred to new roles. The control also stipulates that removal or revision of access rights takes place in a timely fashion, typically within one business day, and is both verified and documented.
A SOC 2 audit can take months and cost tens of thousands of dollars. Here are six steps you can take to maximize the likelihood of passing that audit successfully and begin moving toward the multiple business benefits of continuous compliance with Trustero.
1) Establish Scope
2) Develop and Capture Policies
3) Align Policies
4) Identify and Capture Evidence
5) Test Your Evidence
6) Document and Track Progress
There are multiple misperceptions about SOC 2 compliance that can delay or even derail your compliance journey. Learn how to avoid these misperceptions from the following auditing, compliance, and cybersecurity experts:
– Liam Collins, Armanino
– Richard Stiennon, IT-Harvest
– Bert Friedman, Nearside
– David Carter, Delta Dental
This episode of “Everything Compliance” features David Carter, Senior Manager of Cyber Risk Assurance at Delta Dental. The Delta Dental Plans Association includes 39 independent Delta Dental member companies that provide coverage to some 68 million people. David has more than 16 years’ experience in compliance and information security.