Scytale
27 episodes
2 days ago
The podcast that breaks down security compliance into bite-size pieces, empowering compliance leaders everywhere to navigate this beast. Listen in as we unravel together the complexities of frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR and more, and dive into the era of compliance automation.
All content for Scytale is the property of Scytale and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episode 14 - Surviving Audits 101: The Do’s, Don’ts, and Strategies for Seamless Security Compliance
Scytale
32 minutes 35 seconds
1 year ago

In this episode of Comply or Die, host Kyle Morris interviews guest Raymond Cheng, a seasoned professional with over 10 years of experience in cybersecurity and compliance.

Raymond shares insights from his extensive career, working with Big Four accounting firms, global tech giants like Google and Salesforce, and his current venture, Decrypt Compliance.

The conversation covers the evolution of security compliance, the importance of balancing business goals with compliance, the role of auditors, and valuable tips for navigating audits successfully.

Topics discussed:

- Raymond Cheng's diverse career journey in cybersecurity and compliance, from Big Four firms to global tech companies like Google and Salesforce.

- The importance of balancing business objectives with security compliance and the significance of strong communication and understanding in compliance management.

- The founding of Decrypt Compliance by Raymond Cheng to address the evolving needs of companies in the security compliance landscape.

- Insights into the changing IT landscape over the years, particularly the impact of cloud computing on security compliance frameworks.

- Dos and don'ts for organizations preparing for audits, including the significance of seeking expertise, understanding compliance as a programmatic process and maintaining open communication with auditors.

- Raymond Cheng's advice on what organizations should ensure and avoid when entering a compliance framework or preparing for an audit, emphasizing the importance of integrating security considerations, risk assessments, training, and feedback loops.


Key takeaways and lessons:

- Security compliance should not be seen as a one-time project but as an ongoing program that requires continuous assessment and improvement.

- Organizations should prioritize top-down commitment to security, integrate security considerations across policies and procedures, conduct regular risk assessments, and invest in training and competency checks for employees.

- Incorporating feedback loops through internal and external audits, penetration testing, and comparison with industry frameworks can help organizations identify gaps and enhance their security measures.

- When preparing for audits, organizations should avoid attempting to navigate compliance alone, understand the dynamic nature of compliance frameworks, and engage in open dialogue with auditors to maximize the value of the audit process.

- Compliance is not just about meeting requirements but aligning security practices with business objectives and customer expectations to build trust and enhance brand reputation.

Connect with Raymond Cheng:

LinkedIn: https://www.linkedin.com/in/raymondvcheng/

Decrypt Compliance: https://decrypt.cpa/

Get in Touch: 

Host - Kyle Morris: https://www.linkedin.com/in/morribiscuit/

Podcast Manager: https://www.linkedin.com/in/ilona-van-der-berg-b9055189/

Website: https://scytale.ai/scytale-podcasts/

⭐️⭐️⭐️⭐️⭐️ 

Rate & follow this show, it helps others find the podcast!
