We often get asked by prospects and customers whether they should get a SOC 2 vs. SOC 3 certification, and what their similarities and differences are. So, we decided to get you the right answers straight from our CISO Jose Costa (and if you’ve never met him before, he’s a real security and compliance OG … SOC 2 vs. SOC 3: Similarities and Differences
Victor
Our customers frequently ask us, “Which controls are most often missed or incomplete during SOC 2 audits, and how will you help us make sure we’re ready?” So, we asked our CISO Jose Costa, head of the Tugboat Security Labs Team (the team that helps customers know everything about compliance) and former partner at PwC, … The 4 Controls Most People Fail During SOC 2 Audits
Straightforward, non-salesy advice on how to choose auditors for security certifications like SOC 2 is lacking. Sure, you could spend hours searching for bits and pieces of info or talk to different auditors, but you won’t find all of the info in one place (and by then, you probably want to inject yourself with … How to Pick an Auditor for SOC 2 and Beyond
These 4 reasons sum up why you should get your SOC 2 now: 1) customers will ask for it, 2) it’s a competitive advantage for your org, 3) it’s an investment that pays high dividends, and 4) it’s a forcing function to get your security efforts in place. Read on to get more details behind each reason.
These 3 things will delay your SOC 2: risk assessments, penetration tests, and internal security audits. Learn why you should take care of them in advance in order to maximize your chances of passing SOC 2.
Here are the top three security and compliance trends for 2020 that Tugboat Logic has gathered from what their customers and partners have observed in their respective industries.
The fourth (and final) part of Tugboat Logic’s security best practices guide provides recommendations on securing customers’ data and training them on security awareness and security best practices.
Part 3 of the security best practices guide teaches you how to conduct internal security tests using three tools and how to make coding a living security process. This section also explains why you should shift security left and make security awareness training a part of onboarding.
Part 1 of the security best practices guide teaches you how to foster a blameless security culture, extend that culture to safeguarding customers’ data, and ensure you have up-to-date infosec and incident response plans.
Part 2 of the security best practices guide gives you a basics checklist (e.g. set up HTTPS, keep backups of your backups) and best practices for finding vulns in your product. Part 2 also teaches you how to properly set up your cloud infrastructure.
Tugboat Logic’s explainer on third-party risk management shows why the vendor management security control for SOC 2 and ISO 27001 is important, and teaches you how to implement it for both certs. You’ll learn how to conduct vendor risk assessments with the templates we use internally.
This guide will teach you best practices for implementing and scaling security at your start-up. It covers everything from operational security to giving you tips on how to ensure your customers’ data is secure.