Top Compliance Pain Points by Industry

Whether you are adhering to mandatory regulations or voluntary cybersecurity frameworks, taking compliance seriously can be a huge boon to your organization. It can help you avoid costly penalties, signal to your customers that you’re serious about security, and improve your organization’s overall security maturity. Meeting compliance requirements can also help open your business up to new markets, whether you’re targeting specific industry verticals or going after international customers, and finally, it can speed up your sales process along the way.

But let’s be honest: Compliance can seem like a necessary evil. It’s time consuming and complex, and it can be a huge pain in the you-know-what. Just because the benefits outweigh the costs doesn’t make the process any less painful.

Certain frameworks make their pain felt across industries. GDPR, for example, applies to any organization doing business even nominally in Europe and requires notification of a breach within 72 hours. SOC 2 is a rigorous standard that applies to any company operating in the cloud, and one of the main challenges for Threat Stack in achieving SOC 2 compliance was eliminating the disconnect between our engineering team’s tickets and the code associated with those tickets.

Other compliance frameworks reserve their pain for specific industries, and those can feel especially burdensome. What are the main pain points by industry, and, more importantly, how can you mitigate them? We dig into the specifics below. Read more “Top Compliance Pain Points by Industry”

How to Achieve Type 2 SOC 2 With Zero Exceptions — Webinar Recap

SOC 2 compliance is one of the most common customer use cases we come across at Threat Stack. Developed by the American Institute of CPAs (AICPA), the framework is designed for service providers storing customer data in the cloud, and SaaS companies among others often turn to us as they begin to feel overwhelmed by the requirements.

Having undergone a Type 2 SOC 2 examination ourselves, Threat Stack’s Vice President of Technical Operations Pete Cheslock, and Senior Infrastructure Security Engineer Pat Cable, gathered for a webinar recently to discuss exactly what we did to achieve SOC 2 compliance with zero exceptions. Read the recap below, or listen to the full webinar here. Read more “How to Achieve Type 2 SOC 2 With Zero Exceptions — Webinar Recap”

sockembot: How Threat Stack Added Automation & Visibility to its SOC 2 Change Management Process

At Threat Stack, we often talk about visibility. We have promoted visibility from an operations perspective and have given our customers visibility into their environments through our intrusion detection platform. But when it comes to change management, how do we give ourselves the same level of visibility into our internal process changes at Threat Stack? This became a very real question as we decided to roll out our Type 2 SOC 2 program over the last year, and the answer turned out to be sockembot —  an automated SOC 2 compliance checking bot that we describe in this blog post. Read more “sockembot: How Threat Stack Added Automation & Visibility to its SOC 2 Change Management Process”

How to Get Your SaaS Company SOC 2 Compliant With Minimal Headaches

SOC 2, which was developed by the American Institute of CPAs (AICPA), is specifically designed for service providers storing customer data in the cloud, which means that it applies to nearly every SaaS company operating today.

So, what is SOC 2 exactly? While the framework is a technical audit, it goes above and beyond this to require that companies establish and follow strict information security policies and procedures. The criteria for developing these policies and procedures is based on five “trust service principles” to ensure:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy of customer data

Compliance can be evaluated by independent auditors who assess a company’s ability to comply with these five principles.

SOC 2 is one of the more common requirements that SaaS companies must meet, but that doesn’t make compliance any simpler or dealing with an audit any less exacting. In this post we have laid out the most important requirements and the steps you should take to become compliant quickly in order to stay out of trouble with auditors and compete in a crowded SaaS market. Read more “How to Get Your SaaS Company SOC 2 Compliant With Minimal Headaches”

Threat Stack Successfully Completes Type 2 SOC 2 Examination

Threat Stack is proud to announce that we have successfully completed a Type 2 SOC 2 examination for the Security and Availability principles with Schellman & Co for our intrusion detection platform and Oversight Managed Service.

This accomplishment is especially exciting for the Threat Stack team because we were able to pass our first SOC 2 examination with zero exceptions — without having taken the organization through any similar experiences before — underscoring our commitment to maintaining rigorous security standards in our company’s technology, processes, and personnel along with the highest level of security and privacy for our customers.

In this post, we want to share highlights of Threat Stack’s SOC 2 journey — why we chose this standard, the process we followed, and our commitment to our customers. In upcoming posts we’ll provide more detailed specifics as our customers go through similar journeys. Read more “Threat Stack Successfully Completes Type 2 SOC 2 Examination”

9 Common Questions About SOC 2 Compliance

SOC 2 compliance is a crucial framework for technology and cloud computing companies today. As with many other compliance mandates, it is not a simple connect-the-dots proposition, but rather a complex set of requirements that must be reviewed and carefully addressed. But it doesn’t have to be overwhelming. Below, we’ll break down nine of the most common basic questions that we hear about SOC 2. Think of it as a 101 on SOC 2.

Read more “9 Common Questions About SOC 2 Compliance”