GRC | SOC 2: Pros and Cons
The SOC 2 framework is a set of standards and guidelines developed by the American Institute of Certified Public Accountants (AICPA) for evaluating the effectiveness
By Austin Songer, 9 Feb 2023

GRC | ISO 27001: Pros and Cons
The ISO 27001 framework is an internationally recognized standard that provides a set of best practices for establishing, implementing, maintaining, and continually improving an organization's
By Austin Songer, 9 Feb 2023

GRC | SOC 2: Importance of Stakeholder Collaboration
Involving all relevant stakeholders in the SOC 2 implementation process is essential for ensuring that your controls are effective and aligned with your business objectives.
By Austin Songer, 27 Jan 2023

GRC | HIPAA Expected Evidence
Click the link below to be redirected to the spreadsheet: HIPAA Expected Evidence Spreadsheet. Columns: HIPAA ID, Control, Expected Evidence, Standard Hierarchy, Frequency. 164.308(a)(1)(D)
By Austin Songer, 14 Jan 2023

GRC | Audit Principles and Concepts
Carve-out method: a method of dealing with the services provided by a subservice organization. The nature of the services performed by the subservice organization is included
By Austin Songer, 3 Jan 2023

GRC | Evidence Gathering Recommendation: Adding a Timestamp to Screenshots
Install the Timestamp app: https://github.com/mzdr/timestamp. When taking screenshots, remember that screenshots taken as evidence will be uploaded to your GRC tool
By Austin Songer, 2 Jan 2023

GRC | Mapping Security Controls to the HITRUST Framework
Mapping your security controls to the HITRUST Common Security Framework (CSF) is an important step in the process of preparing for a HITRUST audit. The
By Austin Songer, 23 Dec 2022

SOC2 | SOC 2: Selecting a SOC 2 Auditor
Selecting a SOC 2 auditor is an important decision for any organization, as the auditor will be responsible for evaluating the effectiveness of your controls
By Austin Songer, 22 Dec 2022

SOC2 | SOC 2: Overcoming Common Roadblocks
For an organization, undergoing a SOC 2 audit can be a complex and time-consuming process. It requires a thorough review of your systems and controls,
By Austin Songer, 21 Dec 2022

SOC 2 Audit Process
SOC 2 is a cybersecurity audit that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy. It is typically conducted by
By Austin Songer, 21 Dec 2022

Slack Best Practices, Part 1: Channel Naming
Part 2 will cover the "Slack Usage Policy"; Part 3 will cover the importance of developing a "Slack Training" course. The Importance of Naming: Naming
By Austin Songer, 19 Oct 2022

compliance | ISO 27001:2022
The new version of ISO 27001 will be released sometime in Q4 2022. Major changes will be: 1. Clauses 4 to 10 are not
By Austin Songer, 25 Aug 2022

SOC2 | Vendor Management Policy
Purpose and Scope: This policy defines the rules for relationships with the organization's Information Technology (IT) vendors and partners. This policy applies to all
By Austin Songer, 22 Aug 2022

Security Governance | List of Information Security Metrics to Track
Organizational: Information Security Budget as Percentage of IT Budget; Information Security Budget Spend Breakdown; Percentage of Users With Security Exceptions; Percentage of Staff Fully Trained
By Austin Songer, 15 Aug 2022