Do you need an ISO 27001 certification? Well…let’s answer a couple of questions. Does your organization operate outside of the US? Do you transmit, store, or receive sensitive information? If you answered yes to both, ISO 27001 is for you. But if you’re reading this, chances are you’re already considering getting certified. Maybe a client […]

Most businesses have a variety of ways to secure information–from multi-factor authentication policies to keycard-only access in an office. When you’re starting out, it can be easy to overlook security policies and practices in favor of “moving fast and breaking things.” But if you want to grow your business long-term, your prospects and customers need […]

It doesn’t seem like compliance frameworks are meant to be understood by busy founders or even mere mortals. For example, take a look at the AICPA guide on SOC 2. Not exactly bedtime reading. Yet, you need to understand the compliance frameworks to select the right one for your customers and business. Choose right and […]

HIPAA wasn’t written for tech startups. It’s difficult to translate vague, risk-focused HIPAA requirements into actionable controls and policies. What’s more, it takes significant time, money, and effort to become HIPAA-compliant. Yet many startups need HIPAA compliance to grow and thrive. Not only do startups need to meet HIPAA requirements to handle certain types of […]