How to Fail a SOC 2 Audit – Webinar

What are some of the most common areas that cause audit failure? Can you get your team organized, kickstart the project, and take it fully to success? Where do most audit projects break down?

Topics in this webinar include:

  • Qualified Report vs Exception
  • How to set up a SOC 2 project for success
  • Common audit exceptions
  • Get inside the head of a SOC 2 auditor


SOC 2 – Human Resources Management

What do I need to know before the auditor shows up? Why does SOC 2 care about HR policy and practices and what are the relevant HR requirements? How do I incorporate the requirements over external parties and communications? Even more germane, how do I properly document for the audit?

Topics in this webinar include:

  • The relevant SOC 2 criteria impacting human resource management
  • The HR requirements that apply to customers, vendors, and communications
  • How to create auditable evidence
  • Get inside the head of a SOC 2 auditor


SOC 2 Vulnerability Management Webinar

What are the SOC 2 requirements as they relate to vulnerability management? What do I need to watch out for when I schedule a penetration test? What are others doing to comply cost-effectively?

Topics in this webinar include:

  • The relevant SOC 2 criteria impacting vulnerability management
  • How to compliantly configure a penetration test
  • Cost-effective strategies to comply with SOC 2
  • Get inside the head of a SOC 2 auditor


SOC 2 Vendor Management Webinar

In this webinar we team up with Blissfully, a SaaS management company that recently completed their own SOC 2 Type II.

What are the SOC 2 criteria for Vendor Management? What’s required to properly assess my vendor’s security? What will my SOC 2 auditor expect to see? What are the best practices others are using?

Topics in this webinar include:

  • Why vendor management is critical
  • What it means for SOC 2
  • How to leverage software
  • War stories from a recent audit
  • Sample vendor management audit questions


Whitepaper: How to Talk About SOC 2 Before You’ve Done It

SOC 2 is a phrase that can strike fear and confusion into startups and small businesses, but there’s an easy way to talk about and respond to SOC 2 requests long before you undergo the time and expense of a formal SOC audit.

Most startups and SMBs first encounter the term “SOC 2” during the sales process when a customer asks if you are “SOC 2 compliant” or have a “SOC 2 certification.” In many cases, the customer or prospect doesn’t even know what SOC 2 really is, or what goes into a SOC 2 audit. They’ve just been told by their compliance director or security officer (or the pundit at an industry conference or webinar) that all vendors must “be SOC 2” to do business with their company. SOC 2 is as much a buzzword to many companies as it is an actual policy.

You can win SOC 2-contingent business by showing you understand the point of SOC 2, and that you can deliver SOC 2-style reliability even before you obtain formal compliance. The trick is understanding SOC 2 first.


SOC 2 Self-Attestation Webinar

In this webinar we cover what to do before you have an audit. How do you build trust with customers? What documentation should you have ready to share? Is there ever a time when it makes sense to wait to have an audit performed? What if an audit seems too expensive?

Topics in this webinar include:

  • SOC 2 Preparation
  • Building Artifacts
  • Self-Attestation
  • Tracking Compliance
  • Documentation Examples


SOC 2 Risk Analysis Mock Audit Webinar

Risk analysis and risk management are among the most important processes of SOC 2 preparation. A finely tuned process helps organizations ensure that they are prioritizing the right things and not spending money unnecessarily. Risk assessment is the process of identifying assets, the impact of asset loss, and the likelihood of occurrence. Risk management is the process of selecting controls or other risk responses to adequately prepare for negative events.

In this webinar we cover the key processes that should be focused on when building a risk assessment and management program. We help you prepare for the unknown and ask questions that may come up in an audit. We review several risk registers as well as cover common audit questions.

Topics in this webinar include:

  • Risk Analysis Policies
  • Risk Management Process
  • Asset Inventory
  • Mock Audit Questions
  • Audit Gotchas


How long does it take to audit a smart contract?

One of the most common questions we receive is how much time smart contract auditing takes. The quick answer is “it depends”; however, in this post we’ll try to give you some guidance on how to plan for your audit.

Plan Ahead

Smart contract auditing should be included in your development plan from the very beginning. Too often, the decision to have an audit conducted is made at the last minute and it ends up costing more because of priority-rush charges.

We’re happy to work with you to turn an audit around quickly, but the best audits occur when all parties have plenty of time. We maintain high-quality reviews in all cases; however, having more time to work with our clients creates the best learning opportunities. Yes, it’s important to uncover vulnerabilities in smart contracts, but our goal is to help you learn from the patterns we uncover so that future mistakes are prevented. Let us know before you’re ready and we can get you on our schedule ahead of time.

Audit Engagement

Once you’re ready for the audit, it takes a few days to initiate the project, finalize scoping, and sign our contract. You will be assigned a lead auditor, and the audit of an average smart contract will take 2-14 days. This is completely dependent on the smart contract’s size and complexity. We’re happy to give time estimates before the project starts.

After we present the audit findings to you, we will give you a remediation period and spend a couple of days conducting remediation testing. Once all testing is complete, we will issue your public and internal reports.

This process can be completed from beginning to end in about a week for simple contracts and up to a month for complex ones.

Smart Contract Audit

Since we launched our Smart Contract Audit service, we’re constantly asked what information is needed to provide an accurate quote. The most significant pieces of information we need are the language and the number of lines of code. With that information alone, we can make a few assumptions and get a quote back to you quickly.

Here are a few common questions we ask:

  • Please provide a brief overview of your project.
  • Do you have any hard deadlines for completion?
  • Can you give us a little more information on scope?
  • What version of Solidity are you using?
  • Does your contract rely on any external contracts?
  • Do you use any Solidity static code analyzers?
  • Do you have Solidity unit and/or functional tests?

It’s ok if you don’t have all the answers. We’re here to help. If you’d like more information about our services, you can request a smart contract audit quote here.

SOC 2 Change Management Mock Audit Webinar

Change management is one of the first processes companies should focus on in a SOC 2 readiness project. Topics such as authorization, peer review, quality assurance, and documentation can be approached in many different ways. Change management is a “daily process” in most organizations and can have a significant impact on the success of a SOC 2 audit. Additionally, change management procedures impact a number of employees, including developers, quality assurance, and product management personnel. It’s critical to “get it right.”

In this webinar we cover the key processes that should be focused on when planning for change management. We help you learn to think like an auditor and be fully prepared for anything that may come up. We review sample audit requests and then cover the details audited in change tickets.

Topics in this webinar include:

  • Change Management Policy
  • Change Management SDLC Documentation
  • Mock Audit Questions
  • Change Management Toolset
  • Audit Gotchas
