The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments.
Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the market, many organizations opt to get a SOC 3 report.
We’ve already been seeing the changes for months now: new, robust cookie acceptance disclaimers, longer and more involved data collection forms and an uptick in fines for U.S. companies operating in the European Union.
Companies in the United States are starting to understand their regulatory responsibilities under EU law, but few actually understand the scope of their obligations. Here, we’ll discuss some of the impacts that GDPR has on U.S. businesses and if that will trickle down to companies of all sizes.
In November 2020, California voters approved Proposition 24, including the California Privacy Rights Act, or CPRA. This law amends and expands regulations under the original California Consumer Privacy Act (CCPA).
One question that affected businesses asks is, “how can I prepare for CPRA compliance?” With the law taking effect on January 1, 2022, the clock is ticking, and many organizations are looking for ways to complete final compliance preparations.
Here, we will talk about some of the basic steps for CRPA compliance.