We’re excited to announce that Riscosity has successfully completed its SOC 2 Type II audit. This is a big effort for any organization, and it shows our commitment to protecting our customers’ sensitive data.

Cloud infrastructure is subject to a wide variety of international, federal, state and local security regulations. Organizations must comply with these regulations or face the consequences. Due to the dynamic nature of cloud environments, maintaining consistent compliance for regulatory standards such as CIS, NIST, PCI DSS and SOC 2 benchmarks can be difficult, especially for highly regulated industries running hybrid or multi-cloud infrastructures.

You may have heard more about the SEC Form 8-K recently due to changes that went into effect on Dec 16, 2023. From the SEC’s press release.

Welcome back to our ongoing series on the Payment Card Industry Data Security Standard (PCI DSS). In our previous posts, we’ve covered the various requirements of this critical security standard. Today, we’re going to delve into Requirement 4, which focuses on protecting cardholder data with strong cryptography during transmission over open, public networks.

Technical vulnerabilities are areas of weakness in your source code or infrastructure that attackers could potentially exploit. It’s important for your business to address its technical vulnerabilities to protect itself from these types of threats, in addition to gaining or maintaining compliance with SOC 2 and ISO 27001. ‍ For many of these standards, you’re required to have vulnerability scanners running to ensure you’re continuously monitoring for new threats.

SOC 2 is an information security standard was created by the American Institute of Chartered Public Accountants (AICPA), as a way to provide assurance of an organisation’s management of data. SOC 2 compliance provides a framework to assess against five Trust Service Criteria (TSCs) – but more on those later. There are two types of SOC 2 compliance: Type I and Type II.

The Securities and Exchange Commission (SEC) in the United States approved their cyber rules on July 2023, originally proposed in March 2022 for public comments (SEC, 2022; 2023). This has sparked many conversations about how the board of directors and executive management should think about cybersecurity and to what extent public disclosures should be made about cybersecurity incidents and risks. Most notable among them is the requirement that material cyber incidents be reported within four days.

As global data privacy and cybersecurity regulations continue to increase, the pressure for organizations to manage compliance risk grows. The first step in your journey to better compliance risk management is compliance risk assessment. With risk management methodologies, a compliance risk assessment analyzes how an organization might not meet its regulatory compliance obligations.

Corporate compliance is not a new idea; for many years, organizations everywhere have had to comply with certain rules and standards to reduce risks and vulnerabilities. Those rules might be defined internally by the company’s compliance team or by an external party such as a regulatory agency — but either way, they are rules that the company must follow. An effective compliance function assures that the organization complies with both internal and external rules.