One of the most common requests I get from organizations preparing for a SOC 2 audit is for the SOC 2 control list that specifies the required controls. However, unlike other security frameworks, SOC 2 does not come with a set list of controls. Rather, the amount and type of SOC 2 controls an organization […]

Containers, and the concept of containerization, have been continuing to grow. Many organizations are struggling to keep up with the new technology and keep their systems secure. If you and your organization are considering trying to use or moving to containers, many of your current security processes and procedures will no longer work with containerization […]

Who likes dealing with regulatory compliance? It’s not the most fun or popular task for organizations to deal with. Yet we live in a world with increasing risks related to information security, increasing regulation, and less time to commit to dealing with these factors. With the proliferation of artificial intelligence (AI) and compliance automation tools […]

People often make New Year’s resolutions to reflect on the past year and set goals for personal growth, improvement, or change in the year ahead. One of the funniest I’ve heard is, “My New Year’s resolution is to stop procrastinating… starting tomorrow.” If you’ve been procrastinating on learning about CMMC, now is the time to […]

The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.

Globally, the advent of AI systems and technologies is leading massive innovations. For example: The AI market in the U.S. was valued at $50.16 billion in 2024 and is projected to grow at a compound annual growth rate (CAGR) of 28.30%, reaching $223.70 billion by 2030. In 2023, investments in generative AI surged to $25.2 […]

Compliance is defined in the dictionary as “the action or fact of complying with a wish or command.” That is a very simple definition for a complicated topic, especially when you consider all the demands and regulations companies are asked to be compliant with these days.

It’s 2 a.m., and the team is on a call. A security vulnerability has just been flagged in the production system. Hackers are actively exploiting this flaw worldwide. The pressure is on: the system needs an emergency patch—now. Testing? There’s no time. Waiting for standard approvals? Not an option. But as the team scrambles, the […]

Defining the scope of a SOC (System and Organization Controls) assessment is often the starting point for any meaningful audit preparation. The scope is critical because it determines which systems, services, and periods will be evaluated, impacting the value and usefulness of the SOC audit report to stakeholders. In this article, we’ll walk through essential […]

Under the Patient Protection and Affordable Care Act (the “ACA”), health insurance marketplaces have been set up to facilitate the purchase of health insurance in each state.