For those that were monitoring the wire, ISO/IEC 27001:2019 (ISO 27701) was released the week of August 5th. In draft form, it was previously labeled ISO/IEC 27552 (should you be wondering why that specific standard number has not been issued). You can obtain a copy of the published version here: https://www.iso.org/standard/71670.html.

NOTE: Schellman has since updated this content, which you can find here. According to the Identity Theft Resource Center, we saw 781 data breaches in 2015 that totaled hundreds of millions of stolen records, many of which included personally identifiable information about customers—names, addresses and Social Security numbers.

An ISO 27001 certification can help your business stand out. It lets your customers and potential customers know you care about and will protect their information. It can also help you streamline internal processes.

In the popular modern musical Hamilton, the titular character is given an opportunity by George Washington. Hamilton can stay on the front lines of the American Revolution, or he can become the general’s aide-de-camp. It’s a choice between gaining glory amidst the fighting or an office job with an opportunity to influence who would become our first president.

According to the Identity Theft Resource Center, we saw 781 data breaches in 2015 that totaled hundreds of millions of stolen records, many of which included personally identifiable information about customers—names, addresses and Social Security numbers.

Have you ever wondered if the ISO 27001 certification is at all similar to a SOC 2 report? Many organizations today are dealing with multiple needs or demands for various compliance assessments or certifications. These organizations might wonder, “How can my ISO 27001 certification fit the needs for a SOC 2 report?” and vice versa. Below we have outlined the similarities and differences between an ISO 27001 certification and a SOC 2 examination.

Depending on your experience when you were a kid, you may have had to get your parent’s permission to do certain things—typically, big events, like sleepovers or school field trips. Without their okay, it wasn’t happening. (Or, if you circumvented them, things likely didn’t end up well when they found out.)

In the last 12 months, the Cloud Security Alliance (CSA) has made great strides in enhancing their CSA Security, Trust and Assurance Registry (STAR) Program. In brief, the STAR Program is a publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers (CSPs). Prior to issuing the guidance for STAR Certification and STAR Attestation, a CSP could only perform a self-assessment, which meant completing the Consensus Assessments Initiative questionnaire (CAIQ) and making the responses publicly available on the CSA Register. The CAIQ was completed in several different ways and the content varied from short answers to full-page responses. It was relevant information but not independently validated. This created a path for the STAR Certification and STAR Attestation Programs.