dnorman: cloud* + security* + soc2*

  1. "The net messages in all of this –

    A vendor that takes information security this seriously probably deserves to be instantly added to your short-list, provided they have the requisite skill and experience in the products and services you seek.
    There are likely substantial vendor due diligence and annual re-certification expenses you can save as well. If a vendor can pass the SOC 2 Type II audit, there is little you will review that will trip them up. They have endured far worse. Just ask for their SOC 2 Type II report and certification documentation, review it to ensure your own comfort, then check the “Exceeds Requirements” box, and move on to the next vendor to review.
    Yes, we are essentially saying that SOC 2 Type II vendors should be given a “free pass” (of sorts). Give them an explicit opportunity to strut their stuff in your RFP process. And, by no means was it FREE. It has cost them dearly, but they think earning your business and peace of mind is worth it."
    https://www.mpamag.com/news/the-impor...ations-in-vendor-sourcing-108901.aspx
    by dnorman (2018-11-16)
  2. "In short, you must be able to cover not only security of the cloud (the cloud provider’s infrastructure), but also security in the cloud (how you configure and use the cloud infrastructure and services, as well as your applications and data) and security outside of the cloud (your software development processes, user endpoint devices, training and awareness, etc.)"
    https://jupiterone.io/blog/what-is-soc2-compliance
    by dnorman (2018-11-16)
