Why the Security Policy is Dying
Security policies, a familiar tool of the CTO or CISO, are dying off, and I am glad to see them go. Long narrative descriptions of a top-down prescribed security policy ideal are a meaningless effort that can now be replaced by a more sensible, accessible and effective process for defining ... Read More
The Perils of a Running Start: Can You Skip SOC 2 Type 1?
We’re often asked by customers embarking on the SOC 2 journey, “Can we skip the SOC 2 Type 1 and go straight into a Type 2?” They reason that instead of paying for two audits, they would only pay for one. It seems like an easy choice, right? However, this ... Read More
How to Choose the Right SOC 2 Auditor
The selection of a SOC 2 auditor can be daunting. How do you find one, what should you consider when choosing a SOC 2 auditor, and what interview questions should you ask them? Will they understand your unique environment, product or challenges? Ultimately, the final decision is up to you ... Read More