What is California Consumer Privacy Act (CCPA) Compliance?

In a previous article, we discussed GDPR compliance for business in the European Union. Simply put, GDPR changed the way that businesses can use consumer data for marketing and business purposes while giving more control to consumers in terms of how that data is stored, deleted or transmitted. 

While GDPR is not a standard in the United States (and in many ways, GDPR contradicts U.S. laws), several states have introduced their own, more rigorous compliance standards to protect consumers. One of these is the California Consumer Privacy Act or CCPA. This law creates several standards that businesses must follow in the state of California to protect customer data. 

Read More

Who Performs SOC 2 Audits? The Importance of Cybersecurity Expertise in Auditing

soc 2 auditor featured

Service Organization Control (SOC) audits exist to demonstrate a business or other organization’s readiness in areas like cybersecurity, risk management, data management and other areas. These certifications, especially from SOC 2 audits,  are highly sought-after because they show how dedicated your organization is to the safety and security of user data. These audits, conducted by certified SOC auditors, are intended to be a thorough and rigorous examination of your capabilities and how they promote guiding principles of security, privacy and confidentiality. 

Because of the licensing and authorization structure of the SOC auditing ecosystem, however, it is sometimes difficult to understand the capabilities of an auditor. Even now, some firms advertise SOC 2 audits that take as little as 2-4 weeks! 

This article attempts to dispel the myth of a rapid SOC 2 audit, and why working with trained and dedicated security firms supports better cybersecurity practices. 

Read More

What are Enclaves and Why Are They Important for Handling CUI?

Security enclave featured

One of our country’s more important assets is its information. The U.S. IT infrastructure carries private information covering things like financial information, private information, defense and military information or information that is critical to the operation of government agencies. Some information is classified, and some, while not deemed sensitive enough to classify, are protected as Controlled Unclassified Information, or CUI.

CUI is protected under government regulation, which means that if your business wants to work with federal or defense agencies, it must meet regulations to participate. 

Read More