News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

All
ISO 27001
All
SOC 2
All
Vulnerabilities
All
Mitigations

Ensure all managers conduct periodic (at least once a year) evaluation performance reviews for their employees and document them

Achieving SOC 2 compliance is a critical step for startup founders looking to establish credibility, foster customer trust, and attract corporate clients. In this guide, we'll delve into why SOC 2 compliance is important, provide examples of its impact, and offer a detailed step-by-step manual focusing on the periodic evaluation and documentation of employee performance reviews, a key aspect of maintaining SOC 2 compliance.

Prepare and follow an infosec policy and ensure it includes detailed R&R (roles and responsibilities)

One pivotal strategy for startups to gain and maintain trust is achieving SOC2 compliance. The journey towards compliance begins with the development of an information security policy, intricately woven with detailed roles and responsibilities (R&R). In this guide, we will delve into the importance of SOC 2 compliance, provide real-world examples, and offer a detailed step-by-step manual focusing on preparing and following an information security policy with emphasis on roles and responsibilities.

SOC 2

Conduct employee background / reference checks (store interview and background checks / reference call summaries in Google Drive, folder per employee)

One crucial aspect of SOC2 compliance is conducting thorough employee background and reference checks. In this guide, we'll explore the importance of SOC 2 compliance, its impact on customer trust, and provide a detailed step-by-step manual on conducting employee background and reference checks.

SOC 2

Conduct periodic (at least once a year) secure development training for R&D employees

SOC 2 is a framework designed to ensure that companies securely manage and protect customer data. In this guide, we'll delve into why SOC 2 compliance is crucial, provide examples of its impact, and then focus on a critical aspect – conducting periodic secure development training for R&D employees.

SOC 2

Conduct periodic (at least once a year) security awareness training for all employees

SOC 2 is a widely recognized framework for managing and securing sensitive data. In this guide, we will delve into the importance of SOC 2 compliance, highlight examples of its significance, and provide a detailed step-by-step manual for conducting periodic security awareness training—an essential component of SOC 2 compliance.

SOC 2

Record and store all IT access request / revoke tickets

Achieving SOC 2 compliance is a crucial step for startups to demonstrate their commitment to protecting sensitive information and building trust with potential corporate customers. As part of this compliance journey, an essential practice is to meticulously 'Record and store all IT access request/revoke tickets.' In this guide, we'll delve into why SOC2 compliance is essential, showcase its importance through examples, and provide a detailed step-by-step manual on the specific topic of 'Recording and Storing all IT Access Request/Revoke Tickets.'

SOC 2