FAQ

How Frequently Should You Audit for SOC 2?

After your first System and Organization Controls for Service Organizations 2 (SOC 2) report, you’ll most likely want to follow up every year with a new audit and report. But you can ...
October 31, 2023
FAQ

Do I Need a SOC 2 Report?

If your enterprise is a service provider that handles customer data, it should have a System and Organization Controls for Service Organizations 2 (SOC 2) report attesting to its SOC 2 com ...
October 31, 2023
FAQ

What Are NIST Controls and How Many Are There?

The National Institute of Standards and Technology is a U.S. government agency that publishes cybersecurity frameworks organizations can use to strengthen their internal controls and complia ...
October 30, 2023
FAQ

How do I Prepare for an ISO Surveillance Audit?

An ISO (International Organization for Standardization) surveillance audit is an occasional review of a company’s quality management system or information security management system (ISMS) ...
October 30, 2023
FAQ

How Much Does a SOC 2 Audit Cost?

SOC 2 audits inspect the security controls of vendors and service providers. (“SOC” itself is an abbreviation of System and Organization Controls for Service Organizations.) It’s reaso ...
October 30, 2023
Article

NIST and FedRAMP: A Brief Overview

If you are new to the U.S. government's rules for federal government contractors, there can be a host of tricky compliance terms to navigate. So here is a quick primer on two of the most imp ...
June 8, 2023
FAQ

Is AWS FedRAMP Certified?

FedRAMP is the short-hand name for the Federal Risk and Authorization Management Program, which the U.S. federal government uses to assess the security of cloud-based vendors and service pro ...
January 18, 2023
FAQ

What are NIST Framework Controls?

...
December 22, 2022