What is SOC 2? 

Why SOC 2 compliance is important for protecting sensitive data and building customer trust

SOC 2 (Systems and Organisations Controls 2) is a comprehensive reporting framework used for the assessment and subsequent testing of controls relating to the Trust Services Criteria (TSC) of security. It’s basically a set of compliance requirements outlining what companies should adhere to when using cloud-based … Read More

Why use compliance monitoring as a part of your cybersecurity program? 

Compliance monitoring is a key part of any cybersecurity program. It is a continuous process used to ensure staff are following procedures and policies put in place to protect company assets. Regulatory compliance monitoring is key to spotting potential issues in any organisation’s function or operations. However, it is now becoming extremely difficult for companies around the world to meet their regulatory … Read More

Breaking down new SEC rules on cybersecurity risk management

What are the new SEC rules on cybersecurity risk management disclosure? The Securities and Exchange Commission (SEC) has introduced new rules to enhance and standardise disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. According to the SEC rules on cybersecurity, proposed amendments to already existing rules would require, among other things, current reporting about material … Read More

How has supplier due diligence responded to modern supply chain threats?

With the European Union forecasting a four-fold increase in software supply chain attacks in 2021 compared to last year, vendor security has become an enormously important priority for almost every business this year. On the heels of cybersecurity incidents like the SolarWinds breach and the Codecov cyberattack, we need to relook at our processes; all … Read More

Trends shaping the traditional compliance risk assessment in 2021

In today’s tumultuous global landscape and complex regulatory environment, compliance is the one reliable way organisations can make sure the wheels aren’t flying off. What we’ve seen, though, is that our general approach to compliance risk assessments fails to create a more proactive spirit across our operations. With the disruptions caused by the pandemic, the insidious nature of modern cyberattacks, … Read More

The case for automation in compliance mapping

RiskXchange is one of the firms leading the fight against cybercrime. Due to the increase in cybercrime, compliance documentation processes are increasingly in demand. Automation has become an important part of the industry, especially now that hacks are more sophisticated and the talent able to tackle them is sparse. Automation processes throw up seemingly infinite options, making it extremely difficult … Read More

How changes in cybersecurity regulation by the DOD could impact your VRM strategy

RiskXchange can fully assess third-party risk factors to ensure your business complies with specific programs and frameworks. The Department of Defense (DOD) has launched a relatively new protection mechanism called the Cybersecurity Maturity Model Certification (CMMC), which is a unifying standard for the implementation of cybersecurity across an organisation. The CMMC has been created to help regulate the cybersecurity practices of … Read More

Understanding FISMA and its impact on government organisations’ cybersecurity

RiskXchange can ensure organisations across America and around the world are FISMA compliant. The Federal Information Security Management Act (FISMA) is a federal law passed in the United States in 2002 that outlines an information security framework for government agencies and their third-party vendors to follow. The aim of the act is to ensure that information security is a high priority for … Read More