Learn how the Catalytic team met our compliance goals without slowing down innovation!
When we started our compliance journey, we knew we wanted to meet our compliance goals in a way that improved our ability to innovate rapidly rather than slowed it down. We learned a lot along the way, and after successfully completing our SOC2 and HIPAA audits, we wanted to share what we had learned. Below is the deck from a talk we gave at the AWS Chicago user group on August 16th, 2018. We covered:
- Why engineering orgs should think of compliance as an opportunity rather than a set of new requirements
- How to prepare for your audit, and what to expect before, during and afterwards
- How your change management system is the foundation for all of your technical controls
- How to set up multiple AWS accounts to improve isolation and auditability
- How to set up AWS access control for maximum auditability and ease of maintenance
- How to set up baseline monitoring and logging to meet compliance requirements without requiring third-party services
- How to meet encryption requirements in AWS
- How to build your infrastructure to monitor and minimize the risk of vulnerabilities and malware