Search Results
82 total results found
Database DR and Replication Options
RDS Disaster Recovery / Replication Options. a) Multi-AZ Deployment (same region). What it does: AWS runs a standby instance in a different AZ within the same region; storage replication to the standby is synchronous. Failover: Automatic within minutes if the primary fails. Cost impact: You p...
BYOD Compliance
What It Means: In our case, “Off Cloud Devices” are the laptops and workstations our employees use that are not hosted in the cloud — for example, personal laptops (BYOD: Bring Your Own Device). SOC 2 does allow BYOD, but only if we can show that strong security ...
General Policies
Source: https://secureframe.com/hub/soc-2/policies-and-procedures . All SOC 2 examinations involve an auditor review of your organization’s policies. Policies must be documented, formally reviewed, and accepted by employees. Each policy supports an element of the o...
Compliance Vendors
Key Parameters for Selecting a SOC 2 Compliance Vendor: Speed / Time to Compliance; Cost & Pricing Transparency; Ease of Integration; Quality of Support & Usability; AICPA / CPA Firm Recognition; Reputation & Track Record; Scope & Framework Coverage; Customization & Flexibili...
Product Security Sync - 2
A. Certifications Available in the Market (Audited, Formal Certificates). SOC 2 Type II – U.S. SaaS trust standard, most common in procurement (Overview). ISO/IEC 27001 – International information security certification. ISO/IEC 27701 – Privacy management (extension...
Post Certification
1. Handle the SOC 2 Report with Care - ADVISED NOT TO MAKE PUBLIC. Treat it as confidential. Share it only with necessary parties—like customers or partners—under NDA, not publicly. Limit internal access. Only grant report access to employees who truly need it (e...
Auditor Qualification
When we partner with a vendor platform, they usually bring their own qualified partner auditor for the audit; their team sits with the auditor to conduct the audit and keeps us out of the audit process. To conduct a SOC 2 audit, an auditor must ...
Risk Mitigation
1. Gap Analysis Before Audit. Risk: Going straight to audit without preparation leads to gaps being discovered too late. Mitigation: Run an internal gap assessment (with a consultant or using a vendor platform). Fix gaps before engaging the auditor. [Before our e...
Pen Tests
Pen testing should only be required if your policies say you'll be performing it at some frequency; SOC 2 doesn't mandate pen testing (although it is a best practice). Costs: $8k+ for a one-time engagement. You may have other options available, depending on how you have ...
Purpose
Purpose: When we integrate with third-party vendors (e.g., Workday, Salesforce, Stripe, AWS, GCP, Slack), we inherit some security and compliance risks. To reduce these risks and meet SOC 2 and customer obligations, we require that critical vendors maintain indus...
Feedback Points on 14 Aug 2025
A - Available options in the market for certs; B - Available options in the market for frameworks; C - What certs and frameworks we need; D - Third-party integrations - what certs and frameworks we expect from them (like Workday, PostHog...); E - Cert and Frameworks s...
Stages
Ideation & Awareness: Understand product security ✅; Discussion: GD (business impact), Nilesh (feasibility) ✅. Certification Analysis: List out certification options out there ✅; List certifications which are on prime focus for us ✅; Assess current infra, policies, pro...
Checklist
This is a draft outlining what we can consider from a third-party vendor. It will also require us to design a complete, detailed policy around this, which must be proved to the auditor by actually providing them with evidence. Also rolling out...
Product Sec Sync 2 Feedbacks
Vendor Reachout Process ✅. Reachout - how we will be reaching out to them: background, questionnaires, sharing available demos and walkthroughs of the product, getting most things resolved over mail and then hopping on calls to get into more specifics. Finalizing ...
Delve Analysis
SCORING SHEET: https://docs.google.com/spreadsheets/d/1M0mCCD9NrPd45vE5N6tzwNj9nFfqYgmMSzJ_iakl3oA/edit?gid=0#gid=0 . 1. Pricing: Platform + Audit: $18,000/year. 2. Timeline (depends on current security posture): Total duration: ~4-5 months; 3 months observation perio...
Drata Analysis
SCORING SHEET: https://docs.google.com/spreadsheets/d/1M0mCCD9NrPd45vE5N6tzwNj9nFfqYgmMSzJ_iakl3oA/edit?gid=0#gid=0 . 1. Pricing: Price (for Bynry): $7,000/year - Platform Only; Audit Cost - $5k-7k; Package: Drata Foundation Package. 2. Timeline (depends on current s...
Scrut Analysis
SCORING SHEET: https://docs.google.com/spreadsheets/d/1M0mCCD9NrPd45vE5N6tzwNj9nFfqYgmMSzJ_iakl3oA/edit?gid=0#gid=0 . 1. Pricing: Estimated Pricing: $5,000 – $5,500/year; Includes SOC 2 Type II and NIST coverage. 2. Timeline (depending upon current security posture): S...
Compliance Controls - Philadelphia RFP
Monitoring - The system can be monitored to provide metrics that help prevent outages, and must provide immediate alerts in case of an outage in any system component. Alerting must be interoperable with third-party software (e.g. PagerDuty) via w...
ECS to GKE Migration POC
AWS to GCP GKE Migration - Current State vs Target State (Component: AWS Current → GCP Target). Container Orchestration: ECS → GKE; Container Registry: ECR → GCR/Artifact Registry; Database: RDS → Cloud SQL; Cache: ElastiCache → Memorystore; Storage: S3 → Cloud Storage; CDN: CloudFront → Cloud CDN; Compute: EC2 → GCE; M...
Sprinto Analysis
1. Pricing: [Exact figures will be shared soon]. 2. Timeline: Total duration: ~4 months. 2-3 weeks of implementation* + 3 months observation period (mandatory) + 1-1.5 weeks of audit = approx. 4 months in total to get the report. Observation period: Starts only af...