Data privacy and protection are critical parts of any compliance framework, and few regulatory bodies take that fact more seriously than the General Data Protection Regulation, or GDPR. A law passed in the European Union in 2018, GDPR attempts to address core issues of how businesses can gather, use and manage customer data as part of their business operations without violating the rights of those customers. 

While some businesses in the U.S. may not see much value in understanding GDPR, those serving EU customers are wise to better grasp the intricacies of the law and how it will impact their work in Europe. 

Read More

The Defense Industrial Base (DIB) supply chain is integral to the security and well-being of our country and includes everyone from government agencies to IT contractors providing software, applications and cloud services to those agencies. It seems obvious that the regulations pertaining to these companies and their products would be more stringent than others, and would include more than simple security measures. That’s where RMF plays a major role. 

In this article, we discuss RMF and how it breaks down into actionable steps. Furthermore, we will discuss the importance of risk management for DoD contractors and why you should work with experts in managing your own risk. 

Read More

Service Organization Control (SOC) audits exist to demonstrate a business or other organization’s readiness in areas like cybersecurity, risk management, data management and other areas. These certifications, especially from SOC 2 audits,  are highly sought-after because they show how dedicated your organization is to the safety and security of user data. These audits, conducted by certified SOC auditors, are intended to be a thorough and rigorous examination of your capabilities and how they promote guiding principles of security, privacy and confidentiality. 

Because of the licensing and authorization structure of the SOC auditing ecosystem, however, it is sometimes difficult to understand the capabilities of an auditor. Even now, some firms advertise SOC 2 audits that take as little as 2-4 weeks! 

This article attempts to dispel the myth of a rapid SOC 2 audit, and why working with trained and dedicated security firms supports better cybersecurity practices. 

Read More