policy-as-code SecOps GitLab security policy operational resilience SOC certificate DevSecOps: Beyond Manual Policy Implementation

Why the Security Policy is Dying

Security policies, a familiar tool of the CTO or CISO, are dying off, and I am glad to see them go. Long narrative descriptions of a top-down prescribed security policy ideal are a meaningless effort that can now be replaced by a more sensible, accessible and effective process for defining ... Read More
Security Boulevard
SOC 2 Type 2

The Perils of a Running Start: Can You Skip SOC 2 Type 1?

We’re often asked by customers embarking on the SOC 2 journey, “Can we skip the SOC 2 Type 1 and go straight into a Type 2?” They reason that instead of paying for two audits, they would only pay for one. It seems like an easy choice, right? However, this ... Read More
Security Boulevard
Facebook Instagram social media Siemplify SOC 2

How to Choose the Right SOC 2 Auditor

The selection of a SOC 2 auditor can be daunting. How do you find one, what should you consider when choosing a SOC 2 auditor, and what interview questions should you ask them? Will they understand your unique environment, product or challenges? Ultimately, the final decision is up to you ... Read More
Security Boulevard