top of page
Image showcasing the currently selected solution provided by The Security Agency in a real-life scenario.

Navigate the labyrinth of cybersecurity regulations and compliance frameworks with confidence. Our team can help you maintain your compliance requirements through automation or help you achieve your first certifications as you seek SOC2 compliance, HIPAA, PCI and ISO 27001.

SOC2 - if you're not mandated by a regulatory agency to adhere to a particular compliance framework, most organizations will self-select for the SOC2 Controls and begin with a SOC2 Type1 report (point in time) before graduating to a SOC2 Type2 (continuous) controls audit. Keep in mind that a SOC2 report is just that. A CPA reads your policies and writes a report that identifies whether you follow those policies and procedures. It is NOT a certification.

HIPAA - Health Insurance Portability and Accountability Act is indeed a certification, and not one that most organizations would select on their own volition. You will need a strong dose of maturity and controls in place in order to avoid having a CAP (Corrective Action Plan) created for any gaps or findings.

PCI - Payment Card Industry (or the longer form Payment Card Industry Data Security Standard) compliance is an established framework mandated by the major credit card brands. Even if you outsource the processing of payments to a third party (which is recommended for most organizations) you are still required to file an SAQ A (Self-Attestation Questionnaire) and an AoC (Attestation of Compliance).

ISO 27001 - in November of 2022 the internationally recognized and admired International Standards Organization release ISO/IEC 27001:2022. While it is perhaps the best known compliance standard and framework, it can be a bit much for most organizations to achieve. Unlike the SOC2 report, ISO 27001 is a certification. One of the downsides, however, is that it does not actually provide details of an audit or a company's findings (which the SOC2 does provide). So you get the certification but your customers, partners and vendors are left wanting for substance. For this reason, a large group of organizations that operate globally will seek the ISO 27001 in addition to having a SOC2 report.

Rather than enumerate another dozen or more compliance standards and frameworks here (almost all of which we are more than capable of delivering such as CMMC, NIST 800-171, NIST CSF, CIS Top Controls v8), we suggest that you contact us to set up a discussion about selecting the compliance approach that is right for your organization.


bottom of page