You’re a busy and important person, with many plates to spin and deals to win. I get that! Understandably, sometimes things fall through the cracks, but can you really handle hefty fines or the headache of a data breach? Probably not. With more business conducted online and through credit cards than ever, it’s essential to … The Importance of a PCI DSS Self-Assessment Questionnaire
Did you know that 76% of enterprises lack a clearly defined enterprise IT risk assessment and management strategy? As a result, it’s challenging to get your executive team to buy into your risk management program. The hurdle for most companies is nailing down an approach. Do you know the board game Risk? In the Risk … Tips and Tricks for Enterprise IT Risk Assessments
Welcome to part two of SOC 2 Bootcamp covering policies and controls! Quick refresher—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is in charge of getting their SaaS product, Banana Stand, SOC 2 compliant. In SOC 2 Bootcamp Part 1: Scoping and Auditor Selection, the Bluth Company kicked … SOC 2 Bootcamp Part 2: Policies and Controls
Knowing who your vendors are, how they manage their risks and the impact it could have on your company is a crucial piece of your InfoSec program. It’s also a requirement for SOC 2, ISO 27001, HIPAA and more! At Tugboat Logic, we’ve set out to simplify how you manage IT risk, audits and compliance, … How to Perform a Vendor Risk Assessment
Last year, to protect Controlled Unclassified Information and Federal Contract Information, the US Department of Defense (DoD) announced the Cybersecurity Maturity Model Certification or CMMC. As of today, Tugboat Logic has a pre-built CMMC framework to help you get and stay compliant! What is the CMMC Framework? All DoD contractors need to obtain a CMMC … Introducing the CMMC Framework
A risk treatment plan (RTP) is an essential part of an organization’s InfoSec program. In fact, ISO 27001 requires an RTP while SOC 2 and other frameworks ask for similar documentation. A solid risk assessment and risk treatment process produce a stable InfoSec program. It’s like spending money on an alarm system and only protecting … The Basics of a Risk Treatment Plan
You’re in a cold sweat. A customer or prospect needed you to be SOC 2 compliant yesterday. But it’s today, and you’re still not SOC 2 compliant. So, you Google SOC 2 to understand what you’re getting yourself into. And you don’t like what Google’s telling you. It looks complicated. And time consuming. You’ve got … Sorry, SOC 2 in 14 Days Is Too Good to Be True
You probably have customers asking you all the time if you’re SOC 2 compliant. You’re not yet, but you know it’s important. So you do a little Googling. Where do you start? Who needs to be involved? What’s required? Can you relate to this scenario? Lots of organizations can! That’s why we put together a … SOC 2 Bootcamp Part 1: Scoping and Auditor Selection
Real Security Assurance Takes Real Commitment Being able to demonstrate security compliance can open doors for SaaS companies. After successfully completing the SOC 2 or ISO 27001 audit processes, the clients your company attracts and their level of trust in you will increase. Sometimes dramatically! But it’s also time- and labor-intensive. For startups, you don’t … Introducing the Tugboat Logic Attestation Report and Certification
The SOC 2 cost guide has been our most popular download every month since it was first released. It’s become highly popular because it outlines SOC 2 audit costs, certification costs, compliance costs, and savings from automation technology. Below you’ll find a spreadsheet table of SOC 2 costs that can guide your decision-making. How Much … SOC 2 Cost Guide
Tugboat Logic is committed to diversity and inclusion, and we want to acknowledge and celebrate all the voices and experiences across our company. Last week, Tugboat Logic kicked off Pride Month … A Time to Reflect, to Observe and to Celebrate. It started with an internal blog looking at the history of Pride and discussing … Tugboat Logic Celebrates Pride
Boiling the GDPR down to basics sounds too good to be true, but we did it. Doesn’t 2018 seem like a lifetime ago? Teens were eating Tide Pods, Prince Harry and Meghan Markle’s wedding dominated the press, and the ball got rolling on Brexit. The world has changed drastically over the last three years, but … The Basics of GDPR Compliance