How to Simplify Your SOC2 Journey - Episode 209

How to Simplify Your SOC2 Journey - Episode 209

On this episode, unlock the secrets to making SOC 2 compliance a strategic advantage with host Todd Coshow and expert Adam Goslin. Learn how to streamline your process, leverage existing frameworks, and implement continuous compliance strategies. This episode is perfect for security leaders and tech founders looking to simplify SOC 2 and enhance client trust. Tune in to transform compliance from a burden into a superpower.


Episode Transcript:


We're gonna be talking about the journey Adam. That's right This sock to journey and most importantly how to simplify your sock to journey So as we jump in maybe you can let the folks know The sock to feel so gosh darn hard

Well, the major difference is just, you know, structurally in general, you know, compliance is an arena that can get messy. It's got a lot of manual engagement in it. It's overwhelming at times.


You know, the talk too adds complexity because it's not a checklist style of, you know, of a compliance standard. There's not some checklist that we go down, you know, check these boxes and hopefully, you know, hopefully get there. You know, at the end of the day, you know, folks are looking to make the process a little bit easier and, you know, we're here to help.


Sure, I appreciate that. Now for the novices out there, myself included, what is SOC 2, actually?


It's kind of a directional framework where there are criteria that, you know, criteria that need to be met. And so, you know, the kind of the job, if you will, the assessor's job is to kind of look at that directional framework, you know, of these criteria or objectives that need to be met.


And then they need to evaluate the kind of controls that the organization has put in place and the testing steps for those controls to validate, you know, has the organization fundamentally met the, you know, met the objective of the criteria of that particular section, you know, that, you know, the focus that is that aspect of the control set. So it's more of a directional framework and not nearly as prescriptive.


That's interesting. Speaking of prescriptive search, for the listeners of this show, they're more familiar with, say, PCI.


As you're looking at SOC 2 versus PCI, there's got to be a mindset shift, right? What's the difference, really?

Well, in the PCI world, and I mean, honestly, for a long time, the very first standard that I had to go up against was PCI. And in many ways, it's easier. If I want to go handle access control, then I do these 35 things, and if I can be compliant. So PCI is far more prescriptive, and it's been that way for a long time.


Where other standards, you know, like we're talking about SOC 2 today, but HIPAA falls into a similar boat, you know, where it's more meet this objective. How do you go about meeting that objective? Well, you got to prove out that, you know, the things that you're doing for your organization are, you know, are in alignment with the criteria. So it's a different style of an approach to how to go about meeting the requirements of the standard.


Well, why does SOC 2 get so complicated?


Well, I mean, because it, when they've got, you know, where you need you to meet this criteria, right? Well, I mean, that'd be like me, you know, whatever. You're, you're, you're, you're in California. I'm in Michigan, right?


Um, you know, I want you to, you know, I want you to, I want you to lay out the route that one would take to get from California to Michigan. Well, I mean, shit, I mean, I go, I go up the west coast, cut across by Canada. Uh, you know, like I go through Canada, I could, you know, cut the, the closest diagonal, I could decide to go on a coast East coast road trip, all of them are going to get me there, right? Um, you know, there's, there's, there's a million ways that you can, that you can go about doing these and, uh, you know, what, what I've seen on the, on the SOC 2 engagements

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(223)

Building AI Agents Securely - Episode 223

Building AI Agents Securely - Episode 223

AI agents are driving efficiency, but also introducing serious, often unseen security risks. As adoption accelerates, unvetted access, prompt injection, and poorly controlled environments can expose s...

2 Jul 24min

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

In an era of evolving AI-driven cyberattacks, traditional compliance programs are falling dangerously behind. Static controls create a false sense of security while attackers leverage AI to move faste...

25 Jun 18min

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Most organizations are just performing compliance – ticking boxes, not building real security. What happens when the curtain is pulled back on these check-the-box programs? You might be under the illu...

18 Jun 20min

Audit Fatigue and How to Effectively Navigate It - Episode 220

Audit Fatigue and How to Effectively Navigate It - Episode 220

Caught in a cycle of audit requests, evidence chaos, and burnout? Discover a way out in this episode. Compliance Expert Adam Goslin joins Todd Coshow to reveal the hidden causes of audit fatigue and s...

11 Jun 21min

Identity is the New Perimeter (Zero Trust) - Episode 219

Identity is the New Perimeter (Zero Trust) - Episode 219

On this week's Compliance Unfiltered, discover why identity is the new perimeter in cybersecurity. This episode reveals how zero trust principles can protect your systems by continuously verifying use...

4 Jun 28min

Regulatory Explosion & Board-Level Accountability - Episode 218

Regulatory Explosion & Board-Level Accountability - Episode 218

Discover why compliance is now a boardroom priority, not just an IT task. In this episode, Todd Coshow and Adam Goslin reveal how outdated practices put organizations at risk. Learn about the shift to...

29 Mai 22min

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Most companies overlook vendor vulnerabilities in compliance. On this episode, the CU Guys reveal hidden risks in vendor relationships, from breaches to vetting gaps. Discover tactics for evaluating v...

21 Mai 21min

Data Has Borders: The New Rules of Compliance - Episode 216

Data Has Borders: The New Rules of Compliance - Episode 216

Data compliance isn't just about protecting information anymore — it's about understanding where your data lives, how it moves, and how to stay compliant across borders. On this Episode of Compliance ...

14 Mai 20min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
shifter
rss-kunstig-intelligens-med-elisabeth-maren-og-morten
teknologi-og-mennesker
smart-forklart
rss-ai-forklart
rss-ki-praten
energi-og-klima
elektropodden
rss-alt-som-gar-pa-strom
hans-petter-og-co
kortslutning
fornybaren
rss-heis
rss-digitaliseringspadden
rss-vippserne
rss-bitcoinpolitisk-institutt-norge