SOC 2 compliance guide for startups

Security has always been a big concern for business organizations. Nowadays, it’s an even more significant concern, and it isn’t hard to understand why. The technology world changes at an amazingly fast pace. Companies around the world increasingly rely on the cloud with each passing year. And with each passing year, we see the number of security threats increase. That’s why compliance requirements are crucial in this day and age.


New SaltStack SecOps Products Automate Vulnerability Remediation and Continuous Security Compliance

LEHI, Utah – Nov. 19, 2019 – SaltStack, the creators of intelligent automation for IT operations and security teams, today announced the general availability of SaltStack Protect for automated discovery and remediation of security vulnerabilities across web-scale infrastructure. SaltStack Protect is a new product now available in the SaltStack SecOps family of products and is additive to SaltStack Comply.


Compliance in Serverless - A Protego Use Case

Companies choose to transition to serverless computing for various reasons; the two main ones are faster time-to-market and reduced infrastructure costs. However, their serverless security requirements differ based on a myriad of factors. One of those factors is compliance. Today we highlight compliance in serverless, with a compliance-driven client. We will showcase their security driver and challenges, their chosen solution, and ultimately, results.


Compliance Made Easy with JFrog Xray

As compliance managers, we often find ourselves in a struggle. Our responsibility is to uphold compliance standards but in order to achieve this, we need to “sell” the concept to the relevant stakeholders, inter alia the business teams and R&D. We’re put in the position of justifying required changes and processes and are thus mistakenly perceived as business “stoppers” and not enablers.


SOX Management Review Controls

The Sarbanes-Oxley Act of 2002 (SOX) designates management review controls (MRCs) as one of the required internal controls. MRCs are the reviews of key financial information conducted by a company’s management to assess its reasonableness and accuracy. They are a key aspect of a public company’s internal control over financial reporting (ICFR).


Audit Log: Feature Guide for Security and Compliance

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

Why You Should Create Meaningful Compliance KPIs

In an era where the breach of internal corporate ethics and external policies is becoming common, businesses need to implement robust compliance management systems for their own good. The cost of non-compliance is high; from lost data to regulatory fines. To ensure your company is compliant with regulatory rules and standards, it is critical to set relevant Key Performance Indicators (KPIs). Having meaningful KPIs is vital to corporate compliance.

How to Make Your Business HIPAA Compliant

Ensuring that your health industry business complies with the Health Insurance Portability and Accountability Act or HIPAA is often considered a costly burden and another red-tape requirement. A majority (69%) of businesses view compliance as the cost driver for setting up compliance programs. But a similar number of companies (64%) note that HIPAA is a very effective method to keep health data safe. It is a crucial step to take to protect both your clients and your company from data breaches and, additionally, from non-compliance fines if a breach occurs.

Compliance in A Code Driven Infrastructure

Blue Medora has recently completed a SOC 2 Type 1 audit by Plante Moran! Anyone who has been through a SOC 2 audit, or any other compliance regimen (SOX, HIPAA, PCI, etc.) knows that it can be strenuous to ensure you have all your processes and procedures documented, as well as proving out that you follow those procedures. To my surprise, some of our modern deployment processes made this process easier than expected!