The Compass:
More posts
Article
Managing the move from ISO 27001 certification to SOC 2 completion
We partnered with SecFix on this article to share the differences between ISO 27001 certification and SOC 2 completion, and how you can leverage your work from one to the other.
Article
Penetration Testing: Why It’s Important + Common Types
Penetration testing simulates an outside attack on your applications and network. Drata shares the types of pen tests and how to conduct one to prevent risk.
Blog Post
7 min read
What controls are required for SOC 2® reports?
There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.