We’re a SaaS company & have decided to work on getting SOC 2 compliant. Based on initial research, I found that, - we will need to define & implement controls within the company - gather evidence that we are properly implementing the controls - show it to an auditor & get their report
We’re thinking of using some compliance automation tools ( like Vanta, Drata etc. ) for evidence gathering as it appears most of the tools integrate with our entire stack.
But what about other compliance certifications like GDPR, HIPAA etc. It seems that we don’t need to involve an external auditor & get them self attested.
Does this mean that we can claim ourselves to be GDPR & HIPAA compliant ? In that case, do we need such compliance automation tools (or) can just maintain a list of controls in an excel sheet & just start claiming compliance. Can someone help us out here ? submitted by /u/ExploringGriffin
[link] [comments]
http://dlvr.it/T96Zkp
Full width home advertisement
Blog Archive
-
▼
2024
(445)
-
▼
July
(49)
- Serialization and Deserialization: An Essential Guide
- How big is the typical tool stack for penetration ...
- Navigating the Dangers of Insecure Deserialization
- Best Suitable Certifications
- RAND Incident Management Measurement Toolkit is Av...
- Insecure Deserialization Vulnerabilities: A Deep D...
- What are your AppSec pain points?
- Here are some common parameters to test for XSS (C...
- Exploiting insecure deserialization vulnerabilities
- 18.7 Lab: Clobbering DOM attributes to bypass HTML...
- Tools for Cyber Threat Intelligence (CTI)
- The Importance of Cybersecurity in Today’s Digital...
- Hacking Moodle Apps Via External Functions
- SEC+ -> BTL1 or HTB CDSA
- What is CSP (content security policy)?
- Starting as Freelance (Cybersecurity / Malware Ana...
- My Encounter with an Admin Panel in a Gas Agency W...
- Defender Threat Analytics vs CS Overwatch vs Senti...
- Basic Pentesting 1 Walkthrough
- Complex Attack Types: Sample Scenarios 45
- How I Found and Bypassed a Spring Boot Actuator In...
- Who should write and rules? Policiy management in ...
- Exploiting Server-Side Parameter Pollution in a RE...
- How many security tools does an organization typic...
- Tracking CIS CSC v8 controls
- Do you carry any USB flash drive in your everyday ...
- Online tool for NIST assessments
- RECON IS IMPORTANT !!! In Depth Recon Methodology ...
- Seeking Advice on Enhancing Vulnerability Manageme...
- Reconnaissance Basic
- Good blogs/Explanation on how to self check your m...
- Bug Bounty Program for Gluon on Ergo
- What Is The Attacks On Session Layer!
- Is IAM domain a good career choice??
- Find XSS on the Fly ( Full guide )
- Vulnerability management
- Avoid ‘OR 1=1’ while doing SQL Injection, Why?
- What's the term for risk ADDED by a security control?
- Exploiting flawed validation of file uploads
- How to Use Google Dorks to Access Online Cameras
- Streamline SSL Certificate Management with This Tool!
- The Problem With Bug Bounties
- Meta MFA bypass security bug was turned down, call...
- How to get GDPR/ HIPAA compliant?
- How to Use Google Dorks to Find Vulnerabilities
- Announcing BountyHub, CI/CD style of automation fo...
- Hacking Hidden Gems: Content Discovery with Webseek
- PowerBI can create some awesome security tools
- Cisco Finesse Remote File Inclusion (CVE-2024–20405)
-
▼
July
(49)
Advertisement
LIVE CYBERTHREAT
Latest Trends
Contact Form
amcat question search
search Pentest tools
Total Pageviews
Search Blog
Copyright 2017, " Vpentest ". All rights Reserved.
| Designed by Colorlib
No comments:
Post a Comment