We often get asked by prospects and customers whether they should get a SOC 2 vs. SOC 3 certification, and what their similarities and differences are. So, we decided to get you the right answers straight from our CISO Jose Costa (and if you’ve never met him before, he’s a real security and compliance OG … SOC 2 vs. SOC 3: Similarities and Differences

Our customers frequently ask us, “Which controls are most often missed or incomplete during SOC 2 audits, and how will you help us make sure we’re ready?” So, we asked our CISO Jose Costa, head of the Tugboat Security Labs Team (the team that helps customers know everything about compliance) and former partner at PwC, … The 4 Controls Most People Fail During SOC 2 Audits

Control of the Week #9 – Employee Handbook and Code of Conduct, and Code of Ethics This week’s controls are on the Employee Handbook and Code of Conduct, and Code of Ethics. Jose Costa (CISO at Tugboat Logic), Harpreet Shergill (Senior Manager, IS Risk & Compliance at Tugboat Logic), and Chika Nwajagu (Senior Security Analyst … Employee Conduct Standards: Know the Code(s)

If you’re looking for thorough answers to your questions around passing SOC 2 audits remotely or whether you should do another risk assessment, then look no further: Both Jose Costa (CISO at Tugboat Logic) and Patrick Murray (Chief Product Officer at Tugboat Logic) sat down at a virtual roundtable with two “Real Deal Holyfield” senior … 4 Tips for Compliance in a Remote Work World

Control of the Week #8: Background and Reference Checks This week’s control is on background and reference checks. Jose Costa (CISO at Tugboat Logic), Harpreet Shergill (Senior Manager, IS Risk & Compliance at Tugboat Logic), and Chika Nwajagu (Senior Security Analyst at Tugboat Logic) explain why user background and reference checks can be important to … Background Checks: Super Sleuthing for Your Security

Straightforward, non-salesy advice on how to choose auditors for security certifications like SOC 2 is lacking. Sure, you could spend hours searching for bits and pieces of info and or talk to different auditors, but you won’t find all of the info in one place (and by then, you probably want to inject yourself with … How to Pick an Auditor for SOC 2 and Beyond

Control of the Week #7: Password Control This week’s control is on passwords. Jose Costa (CISO at Tugboat Logic), Harpreet Shergill (Senior Manager, IS Risk & Compliance at Tugboat Logic), and Chika Nwajagu (Senior Security Analyst at Tugboat Logic) explain why user password control is important and how you can implement it for your audits. … How to Make Your Passwords Pass Audits

Control of the Week #6: Administrative Access This week’s control is on risk assessments. Jose Costa (CISO at Tugboat Logic), Harpreet Shergill (Senior Manager, IS Risk & Compliance at Tugboat Logic), and Chika Nwajagu (Senior Security Analyst at Tugboat Logic) explain why administrative access is important and how to conduct them in five steps. Why … Security Controls, Explained: Admin Access