David has more than 16 years’ experience in compliance and information security, making him a trusted expert. In an Everything Compliance interview, he shared some of the fruits of that experience with Trustero Vice President of Marketing and Business Development Kimberly Rose. This post presents some highlights from that conversation.
This is part two of highlights from our interview with compliance and audit expert Bert Friedman of Nearside. He gives insight into how best to tackle SOC 2 compliance and when to get started as a small business.
IT Chronicles has posted an article from Trustero highlighting the key connection between compliance controls and business policies.
This SOC 2 control focuses on ensuring your company regularly reviews who has access to critical IT infrastructure. For this control, your company must log these reviews and take any actions to resolve any access issues discovered during a review.
There are many ways to word such a control, and you should work with your auditor to find the precise wording for your company. The control’s wording must be precise, concise, and authoritative.
The global coronavirus pandemic, the Great Recession, and the Great Resignation have significantly disrupted staffing at all levels at many organizations. These issues could also derail or halt your SOC 2 compliance journey. Here are 4 steps to preparing and mitigating personnel problems:
1) Capture relevant institutional knowledge before it leaves
2) Get your policies together
3) Keep all documentation current
4) Get compliance automation software
This Q&A session was pulled from a recent episode of Everything Compliance featuring Bert Friedman. Bert Friedman is Head of Compliance at business banking startup Nearside and former Vice President of Compliance for the Financial Intelligence Unit of Chicago’s Community Choice Financial, Inc. Learn what Bert has to say about dealing with auditors and common SOC 2 compliance misconceptions.
A SOC 2 audit can take months and cost tens of thousands of dollars. Here are six steps you can take to maximize the likelihood of passing that audit successfully and begin moving toward the multiple business benefits of continuous compliance with Trustero.
1) Establish Scope
2) Develop and Capture Policies
3) Align Policies
4) Identify and Capture Evidence
5) Test Your Evidence
6) Document and Track Progress
There are multiple misperceptions about SOC 2 compliance that can delay or even derail your compliance journey. Learn how to avoid these misperceptions from the following auditing, compliance, and cybersecurity experts:
– Liam Collins, Armanino
– Richard Stiennon, IT-Harvest
– Bert Friedman, Nearside
– David Carter, Delta Dental
Too many business decision-makers view SOC 2 incorrectly, increasing risk and limiting the multiple benefits it can bring to their companies. With the ever-growing importance of SOC 2, it is vital that you ensure your company builds a culture of compliance instead of focusing on checking the boxes. Read on to learn about some of those benefits and how to avoid missing out on them.
In a previous post based on his “Everything Compliance” conversation with Trustero Vice President of Marketing and Business Development Kimberly Rose, Richard described how the pursuit of SOC 2 compliance can improve cybersecurity for SMBs. This post features his thoughts on some common cybersecurity mistakes SMB decision-makers make and how best to avoid them.
Understanding controls is integral to the completion and success of your SOC 2 audit. This first entry into a series of control blogs dives deep into the Encryption of Data at Rest control, which is pivotal for protecting stored data within companies. Learn why this control matters, who it affects and more.
In a wide-ranging and informative conversation with Trustero Vice President of Marketing and Business Development Kimberly Rose, Richard describes how the pursuit of SOC 2 compliance can improve cybersecurity. He also offers views on some of the cybersecurity challenges facing SMBs. Below is an edited summary of highlights from that conversation.