Skip to main content

Checklist SOC 2

If you are a service organization and your customers entrust you with their data, you may need to pass a SOC 2 audit to sell your products. Your customers might now demand an audit report from you, or industry regulations might require it. You may need to provide proof of SOC 2 compliance to demonstrate that the data entrusted to you is well secured.

Benefits: enhancing risk management and transparency

Organizations often face inquiries about security standards from (potential) clients; what are the differences between an ISAE 3402 | SOC1, ISAE 3000 | SOC2, and an ISO 27001 audit? Which standard is more applicable to our business, ISAE or ISO 27001? What are the pros and cons of ISAE versus ISO 27001? ISAE 3402 and ISO 27001 are fundamentally different types of standards with equally dissonant usage.

ISAE 3402 | SOC 1 Adapted to an organisation?

Systems and Controls – SOC reporting revolves around controls. An ISAE 3402 | SOC 1 report focuses on financial outsourcing, including asset management, SaaS providers (financial software), data centers (storage of financial data).

What is a Data Breach and What Can My Organisation Do About It?

Nowadays, there is increasing news about data breaches. Entire documents and data from companies, as well as their stakeholders, are easily accessible. This can have many consequences for the stakeholders, but perhaps even more for the company.

The Dutch Data Protection Authority has defined a data breach as an incident involving access to or destruction, alteration, or unauthorized disclosure of personal data at an organisation without the intention of the organisation itself.

The relationship between: ISAE 3402 and ISA 402

The ISAE 3402 standard states that reports made in accordance with ISAE 3402 already provide sufficient evidence under ISA 402, audit considerations relating to an entity using a service organization. In other words, ISA 402 focuses on the responsibility of the user organization to obtain adequate and appropriate control information when a user organization uses one or more service organizations.

Red teaming vs penetration testing vs vulnerability scanning

A vulnerability scan, penetration test (pentest) and Red Teaming are different ways to test cybersecurity. The terms are often confused or misused. Do you know which test best fits your needs? In this blog post, we will cover the difference between red teaming vs penetration testing vs vulnerability scanning.

Securance & Kiwa: Cybersecurity Solutions

Securance, a leader in integrated risk management and cybersecurity solutions in Europe, is excited to announce a new partnership with Kiwa, an esteemed provider of certification and compliance services. This collaboration will focus on ISO certifications and Assurance services, enhancing our offerings while maintaining our distinct expertise in our respective fields.

DORA: Making the Financial Sector Stronger

As financial institutions increasingly rely on digital systems, the need for robust operational resilience has never been more critical. The Digital Operational Resilience Act (DORA) is a pioneering regulation aimed at fortifying the financial sector against digital disruptions. This blog explores how DORA enhances the sector’s resilience.

Is the local administrator’s password reused in your environment?

The Windows operating system by default includes an administrator account for management purposes whose password is the same in many environments on multiple systems.

Why password reuse is common

The Windows operating system by default includes an administrator account for management purposes whose password is the same in many environments on multiple systems.