Resources

March 28, 2024 - Family Businesses 2 Wayne Elliott and Security Audits Mike DeKock - School for Startups Radio Entrepreneur Podcast - Learn to be a low risk entrepreneur!

How do the value creation principles of subjective value, entrepreneurship and creativity apply in a highly technical rules-based environment like SOC Compliance audits. These are objective validations of data security measures based on customer-defined criteria similar to traditional financial audits but more specific and subjective.

Throughout history, the prevailing narrative surrounding compliance has been one of necessity, not choice, and audits are approached with a sense of inevitability rather than opportunity.

It’s natural to feel pressure from your organization's SOC 2 exam. There are people counting on it, the expectations are not always clear, and the idea of potential “failure” will always introduce stress… but it doesn’t need to be that way.

In general, all SOC 2 reports must cover the trust services criteria relevant to security, so that is a good place to start.

We highly recommend you do not use the phrase “SOC 2 Certified." Yes, you see it everywhere, and your competitors are celebrating their certificate - but don’t do it because such a thing does not exist.

Check out Software Secured's story focused on the process of working on their SOC 2 report with MJD Advisors

We partnered with SecFix on this article to share the differences between ISO 27001 certification and SOC 2 completion, and how you can leverage your work from one to the other.

Penetration testing simulates an outside attack on your applications and network. Drata shares the types of pen tests and how to conduct one to prevent risk.