PCI compliance is a hot topic these days. While payment processing seemed like the domain of large enterprises and retailers, the expansion of cloud-based processing and online storefronts have blurred the lines between processors, merchants and secure, compliant systems. 

Many organizations seek their PCI compliance certification to cover their bases with payment processing and data storage. As these enterprises collect card data, payment information, and other data types, this compliance helps them maintain good standing with the credit card companies and their customers. 

Learn the basics of PCI compliance and auditing in this article. 

Read More

The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments. 

Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the market, many organizations opt to get a SOC 3 report. 

Read More