SOC 2 Penetration Testing Requirements

What SOC 2 requirement applies? How do I know we’re ready? What’s the required scope? How do I get the most out of my test?

Topics in this webinar include:

  • When it’s time to schedule a pen test
  • Mistakes found in first-time pen tests
  • What to expect during the test and how to make it more effective
  • How to use pen testing in security awareness training


SOC 2 Checklist – Week by Week

What does a weekly project plan and checklist look like for SOC 2 readiness? How do you prioritize practically? What are the key tasks I need to accomplish each week? 

Topics in this webinar include:

  • SOC 2 Checklist
  • 12-week readiness project plan
  • Key tasks prioritized weekly
  • Visual overview of the readiness process
  • Healthy readiness expectations


SOC 2 : A Tactical Approach Webinar

So you have been working on readiness; now what? How do I know I am ready for an audit? What kind of evidence do I need? What, exactly, will an auditor be asking for?  

Topics in this webinar include:

  • What evidence do you need to collect in advance
  • Who in your organization needs to be ready
  • What effective compliance management looks like
  • Get inside your auditor’s head


SOC 2 Vendor Management Webinar

In this webinar we team up with Blissfully, a SaaS management company that recently completed their own SOC 2 Type II.

What are the SOC 2 criteria for Vendor Management? What’s required to properly assess my vendor’s security? What will my SOC 2 auditor expect to see? What are the best practices others are using?

Topics in this webinar include:

  • Why vendor management is critical
  • What it means for SOC 2
  • How to leverage software
  • War stories from a recent audit
  • Sample vendor management audit questions


SOC 2 Self-Attestation Webinar

In this webinar we cover what to do before you have an audit. How do you build trust with customers? What documentation should you have ready to share? Is there ever a time when it makes sense to wait to have an audit performed? What if an audit seems too expensive?

Topics in this webinar include:

  • SOC 2 Preparation
  • Building Artifacts
  • Self-Attestation
  • Tracking Compliance
  • Documentation Examples


SOC 2 Risk Analysis Mock Audit Webinar

Risk analysis and risk management are among the most important processes of SOC 2 preparation. A finely tuned process helps organizations ensure that they are prioritizing the right things and not spending unnecessary money. Risk assessment is the process of identifying assets, the impact of asset loss, and the likelihood of occurrence. Risk management is the process of selecting controls or other risk responses to adequately prepare for negative events.

In this webinar we cover the key processes that should be focused on when building a risk assessment and management program. We help you prepare for the unknown and ask questions that may come up in an audit. We review several risk registers as well as cover common audit questions.

Topics in this webinar include:

  • Risk Analysis Policies
  • Risk Management Process
  • Asset Inventory
  • Mock Audit Questions
  • Audit Gotchas


How long does it take to audit a smart contract?

One of the most common questions we receive is how much time smart contract auditing takes. The quick answer is ‘it depends’; however, in this post we’ll try to give you some guidance on how to plan for your audit.

Plan Ahead

Smart contract auditing should be included in your development plan from the very beginning. Too often, the decision to have an audit conducted is made at the last minute and it ends up costing more because of priority-rush charges.

We’re happy to work with you to turn an audit around quickly, but the best audits occur when all parties have plenty of time. We maintain high-quality reviews in all cases; however, when we have more time to work with our clients, it creates the best learning opportunities. Yes, it’s important to uncover vulnerabilities in smart contracts, but our goal is to help you learn from patterns we uncover so that future mistakes are prevented. Let us know before you’re ready and we can get you on our schedule ahead of time.

Audit Engagement

Once you’re ready for the audit, it takes a few days to initiate the project, finalize scoping, and sign our contract. You will be assigned a lead auditor and the audit of an average smart contract will take 2-14 days. This is completely dependent on the smart contract’s size and complexity. We’re happy to give time estimates before the project starts.

After we present you the audit findings, we will give you a remediation period and spend a couple of days conducting remediation testing. Once all testing is complete, we will issue your public and internal reports.

This process can be completed from beginning to end in about a week for simple contracts and up to a month for complex ones.

Smart Contract Audit

Since we launched our Smart Contract Audit service, we’re constantly asked what information is needed to provide an accurate quote. The most significant pieces of information we need are the language and the number of lines of code. With that information alone, we can make a few assumptions and get a quote back to you quickly.

Here are a few common questions we ask:

  • Please provide a brief overview of your project.
  • Do you have any hard deadlines for completion?
  • Can you give us a little more information on scope?
  • What version of Solidity are you using?
  • Does your contract rely on any external contracts?
  • Do you use any Solidity static code analyzers?
  • Do you have Solidity unit and/or functional tests?

It’s ok if you don’t have all the answers. We’re here to help. If you’d like more information about our services, you can request a smart contract audit quote here.

SOC 2 Change Management Mock Audit Webinar

Change management is one of the first processes companies should focus on in a SOC 2 readiness project. Topics such as authorization, peer review, quality assurance, and documentation can be approached many different ways. Change management is a “daily process” in most organizations and can have a significant impact on the success of a SOC 2 audit. Additionally, change management procedures impact a number of employees, including developers, quality assurance, and product management personnel. It’s critical to “get it right.”

In this webinar we cover the key processes that should be focused on when planning for change management. We help you learn to think like an auditor and be fully prepared for anything that may come up. We review sample audit requests and then cover the details audited in change tickets.

Topics in this webinar include:

  • Change Management Policy
  • Change Management SDLC Documentation
  • Mock Audit Questions
  • Change Management Toolset
  • Audit Gotchas
