Blog

ControlMap Infosec Blog

Check out our resources, ideas & guidance for creating an automated and scalable Infosec Compliance practice.


Five things to do for SOC 2 before auditors arrive

Getting ready for your SOC 2 audit? Here is a SOC 2 compliance checklist with the 5 things that you should do while getting ready for the yearly SOC 2 audit.

SecOps DevOps DevSecOps Infosec Compliance

Here is a brief overview of the differences between DevOps, SecOps, and DevSecOps and the role each plays in IT compliance. Read on to learn more.

5 steps to foster a culture of IT compliance

What is a culture of compliance, and how do you create one? Here are the 5 steps for building a solid culture of compliance in your company.

Webinar retrospective Reaching the Summit

It may sound overwhelming but if you take a risk-based approach to achieve cybersecurity compliance, you'll find it much less intimidating and the results will most likely satisfy whatever audit framework you choose to pursue.

A Beginner’s Overview of ISO/IEC 27001

A Beginner’s Overview of ISO/IEC 27001 is intended to help you understand what it is, its importance, and how to begin the journey toward ISO 27001 certification.

Top 10 Policies for SOC 2, ISO 27001 compliance

Here is a list of the top ten mandatory policies that each company should put in place when it starts its SOC 2, ISO 27001, or FedRAMP journey. Each policy comes with a brief description of what it means, why it is required, and the topics you should cover.

Why the Cybersecurity Maturity Model Certification (CMMC) Matters Now?

The Cybersecurity Maturity Model Certification (CMMC) is here. As mentioned in other blog posts, without a single standard to govern all cybersecurity risks, industries and regulatory bodies are authoring and enforcing their own frameworks to address the specific needs of their given domains. It should come as no surprise that the Department of Defense (DOD) – the government agency charged with keeping the United States safe – would have their own set of standards for contractors, too.

Information Security Policy, How do you create one?

If your organization handles any type of sensitive information, safely managing it should be a top priority. Writing a sound information security policy can ensure Confidentiality, Integrity, and Availability of information systems to protect your organization from security risks and strengthen your business. But how do you write one? Let’s start with the basics.

Top 5 Reasons to Complete the CAIQ Right Now

Imagine this: It’s Friday afternoon after a long week. You are about ready to log off for the day (is that even possible anymore?) when you get the message: A large prospect is ready to sign a contract (or an important customer is ready to renew). They just have “a few questions” that need answering....

SOC2 vs ISO27001

Learn what ISO 27001 and SOC 2 compliance are, and the differences and similarities between them. Read on to learn everything about it.