From 1e0a48c147d1995bf8f2ab521903218e6d271aa3 Mon Sep 17 00:00:00 2001 From: Warren Parad Date: Mon, 25 Sep 2023 19:06:56 +0200 Subject: [PATCH] Fix scroll to. --- src/components/auditors.vue | 8 ++++++++ src/components/home.vue | 14 +++++++++++--- src/components/homeNavbar.vue | 32 ++++++++++++++++++++++++++------ 3 files changed, 45 insertions(+), 9 deletions(-) diff --git a/src/components/auditors.vue b/src/components/auditors.vue index fcb0ef7..293b3ac 100644 --- a/src/components/auditors.vue +++ b/src/components/auditors.vue @@ -91,6 +91,14 @@   + + Doyensec + + + +   + + Rapid7 diff --git a/src/components/home.vue b/src/components/home.vue index 9323aae..4007532 100644 --- a/src/components/home.vue +++ b/src/components/home.vue @@ -102,25 +102,31 @@
-

What's the SOC 2 Process?

+

The SOC 2 Process

Earning a SOC 2 requires a Company to undergo a third-party examination by a Certified Public Accountant (CPA). The CPA is required to follow a set of AICPA standards to perform the audit and issue the report. Most companies follow a logical process to earning their SOC 2:

+

[Step 0] Do I need a SOC 2?

Since this is a marketing tool, the default is You don't need a SOC 2 certification. If you start losing deals because your customers are asking for one, then you can take the next step. Do not attempt SOC 2 before you have customers asking for it. It is a waste of time, money, and most importantly can slow your development process down. If you already have good security hygiene, getting a rubber stamp provides no additional value.

+

[Step 1] Readiness examination

An exercise where your Company finds out the current status of the organization as it relates to SOC 2 controls. Organizations use readiness examinations to prepare for their SOC 2 assessment and learn what gaps they must resolve before earning their SOC 2. Once you have completed this mini-internal audit, ask yourself, do I still need to get a SOC 2 rubber stamp?

+

[Step 2] Type I

Type I means you defined some policies. Companies with a Type I, means they have decided what processes they want to follow. However it doesn't even mean they are following them. This of the Type I as a set of security policy commandments. Having this list is can be a good start if you are looking for a way to improve your security posture. The Type I can be driving force in your organization.

+

[Step 3] Type II

- Type II is the proof you are following the policies and controls outlined in your Type I. After a specified period of time (anywhere from 3-12 months) organizations earn their first SOC 2 Type II. Typically the Type II review period begins the day after the date of the Type I review period.

+ Type II is the proof you are following the policies and controls outlined in your Type I. After a specified period of time (anywhere from 3-12 months) organizations earn their first SOC 2 Type II. Typically the Type II review period begins the day after the date of the Type I review period. +

+

[Step 4] Review

Your SOC 2 will essentially expire after 12 months. So if you want to keep it active, you are committing to paying for it on a recurring basis. And a huge part of that is reviewing your policies and every year you'll need to undergo a Type 2 examination to keep your SOC 2 current. @@ -343,7 +349,9 @@ const openGithub = gotoIssuePage => { window.open(`https://github.com/Rhosys/soc2.fyi/${path}`, '_blank'); }; -logger.track({ title: 'PageHit' }); +if (!window.location.href.match('localhost')) { + logger.track({ title: 'PageHit' }); +} diff --git a/src/components/homeNavbar.vue b/src/components/homeNavbar.vue index 8f6cba0..316f5c5 100644 --- a/src/components/homeNavbar.vue +++ b/src/components/homeNavbar.vue @@ -2,26 +2,26 @@
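Review bot: in src/components/home.vue (hunk @@ -343,7 +349,9 @@), `window.location.href.match('localhost')` tests the whole URL rather than the host, so a production page whose path, query string or fragment contains "localhost" also skips `logger.track`, while a dev server opened as 127.0.0.1 is still tracked. The string argument is also compiled as a regular expression. Compare the host instead, for example `window.location.hostname === 'localhost'`, or gate the call on a build-time development flag so it does not depend on the URL.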
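Review bot: the Doyensec entry added in src/components/auditors.vue (hunk @@ -91,6 +91,14 @@) and the tracking guard in home.vue are unrelated to the subject "Fix scroll to."; put them in their own commits, or at least name them in the commit message, so the auditor list change and the analytics change can each be found and reverted independently of the scroll fix.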
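Review bot: the copy in the src/components/home.vue hunk at @@ -102,25 +102,31 @@ still carries typos in the Type I paragraph that is left as context: "This of the Type I" should read "Think of the Type I", "Having this list is can be" has a stray "is", and "can be driving force" is missing "a". The Review paragraph also says "Type 2 examination" where the rest of the text uses "Type II". The Type II paragraph is already removed and re-added here with the same text, so these lines are worth a follow-up copy fix.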