Audit Principles and Concepts
There are quite a few auditing principles and concepts that might seem foreign to management or perhaps even an inexperienced service auditor.
Testing will occur for the different criteria and controls that have been implemented by the service organization. For example, the testing and evidence for availability will differ from the testing and evidence for privacy.
Your SOC 2 is only valid for a year after your audit. If you’re behind on renewing your SOC 2 report and it falls past the date in which it’s valid, you may need a SOC 2 bridge letter. In this guide, we’ll explain what a SOC 2 bridge letter is and the role it plays in maintaining trust with your customers as you renew your report.
Cybersecurity Maturity Model Certification - DoD Framework for Protecting Federal Contract Information and Controlled Unclassified Information
Comprehensive glossary of compliance, security, and GRC terminology including SOC 2, ISO 27001, GDPR, HIPAA, risk management, and audit-related terms and definitions
Guide to conducting a SOC 2 audit including communication strategies, audit procedures, documentation requirements, and best practices for successful compliance attestation
How to map controls across different compliance frameworks
How to create and manage programs
Share security documentation with Trust Center visitors
Overview of the Evidence Dashboard in Openlane Console
No, a SOC 2 is not legally required of any organization. However, your customers may require you to obtain one in order to do business with them.
Display compliance certifications on your Trust Center
Health Insurance Portability and Accountability Act - Protecting Health Information Privacy and Security
How to import existing controls into Openlane
ISO 27001 compliance for the Openlane platform
NIST Cybersecurity Framework - Identify, Protect, Detect, Respond, Recover
Comprehensive guide to NIST standards including NIST 800-53, Cybersecurity Framework 2.0, risk management, and security controls for federal agencies and organizations
Open-source compliance automation platform for managing security, risk, and regulatory requirements. Streamline SOC 2, ISO 27001, NIST, GDPR, and HIPAA compliance.
User groups and access management for compliance teams
Managing your controls within the Openlane platform
Evidence management for compliance programs and audit preparation
What a Program is and how to use it
Comprehensive guide to Cloud Controls Matrix (CCM) compliance, security controls, and risk management for cloud service providers
Comprehensive guide to CIS compliance including benchmarks, certification process, and implementation strategies for cybersecurity best practices
Overview of NIST 800-53 compliance including security controls, risk management framework, and implementation guidelines for federal information systems
Overview of SAMM compliance including maturity levels, assessment framework, and implementation strategies for software security
Payment Card Industry Data Security Standard - Protecting Cardholder Data
The diagram below does not depict every process in an audit; however, it provides a high-level overview of the steps involved in going through a SOC 2 audit. Every auditing firm, consultant, and lead implementer will have its own processes and techniques for completing the audit.
Overview of policies and procedures within Openlane
There are three documents you’ll need for your SOC 2 audit: a management assertion, a system description, and a controls matrix.
Passwords and MFA
Comprehensive guide to SOC 2 compliance including Trust Services Criteria, AICPA framework, implementation timeline, costs, and audit requirements for service organizations
You should always refer to the published standard for details regarding the prescribed controls and implementation guidance. At the time of writing, the most current SOC 2 version is the 2017 Trust Services Criteria with the 2022 revised points of focus. For convenience and easier readability, the tables below provide a high-level overview of the common criteria for each Trust Services Criteria (TSC) category and the points of focus that should be used as guidance.
Comprehensive guide to Sarbanes-Oxley Act (SOX) compliance requirements, internal controls, financial reporting, and audit requirements for publicly traded companies
Granular sub-requirements and components within compliance controls
Customer-facing portal for demonstrating your security posture and compliance status