GRC | SOC 2: Importance of Stakeholder Collaboration
Involving all relevant stakeholders in the SOC 2 implementation process is essential for ensuring that your controls are effective and aligned with your business objectives.
By Austin Songer, 27 Jan 2023
GRC | HIPAA Expected Evidence
Click the link below to be redirected to the spreadsheet: HIPAA Expected Evidence Spreadsheet. Spreadsheet columns: HIPAA ID, Control, Expected Evidence, Standard Hierarchy, Frequency (first entry: 164.308(a)(1)(D)).
By Austin Songer, 14 Jan 2023
GRC | Audit Principles and Concepts
Carve-out method: a method of dealing with the services provided by a subservice organization. The nature of the services performed by the subservice organization is included
By Austin Songer, 3 Jan 2023
GRC | Evidence Gathering Recommendation: Adding Timestamps to Screenshots
Install the Timestamp app: https://github.com/mzdr/timestamp. When taking screenshots: remember, when taking screenshots for evidence that you will upload to your GRC tool,
By Austin Songer, 2 Jan 2023
GRC | Mapping Security Controls to the HITRUST Framework
Mapping your security controls to the HITRUST Common Security Framework (CSF) is an important step in the process of preparing for a HITRUST audit. The
By Austin Songer, 23 Dec 2022
SOC2 | SOC 2: Selecting a SOC 2 Auditor
Selecting a SOC 2 auditor is an important decision for any organization, as the auditor will be responsible for evaluating the effectiveness of your controls
By Austin Songer, 22 Dec 2022
SOC2 | SOC 2: Overcoming Common Roadblocks
For an organization, undergoing a SOC 2 audit can be a complex and time-consuming process. It requires a thorough review of your systems and controls,
By Austin Songer, 21 Dec 2022
SOC2 | SOC 2 Evidence: Population Lists
Sample of possible population lists from an auditor:
* List of all in-scope application code changes related to in-house development applications that have occurred during the
By Austin Songer, 19 Jul 2022
SOC2 | SOC 2 Readiness Checklist
* [ ] Annual Meetings
* [ ] Background Check Process
* [ ] Employee Handbook
* [ ] Employees Acknowledgement
* [ ] Documented Charter
* [ ] Performance Reviews
* [ ] Organizational Chart
* [ ] Confidentiality Agreement
* [ ] Established Defined Roles
* [ ] Job Descriptions Documented
* [ ] Job Descriptions
By Austin Songer, 19 Jul 2022
ISO 27001 | Building an ISO 27001 Security Program (High-Level Roadmap)
This assumes there aren't any certifications or audits completed for the organization. 3 Months:
* Create an ISMS Policy and define the ISMS scope
* Complete
By Austin Songer, 18 Jul 2022
SOC2 | SOC 2 Documentation and Evidence Collection Spreadsheet
You can use this spreadsheet to prepare for a SOC 2 audit.
By Austin Songer, 14 Jul 2022
Policy | Building a Policy Portal: Part 1, Typical Types of Policies
In this first part of a series on building a policy portal for your organization, I will be covering the types of policies, procedures, plans
By Austin Songer, 26 Jun 2022