Security & Compliance
SOC2 Compliance
System and Organization Controls (SOC) compliance is a set of auditing procedures to evaluate and validate an organization's information security practices, especially for privacy and data protection.

As engineers, our code changes must be authorized, documented, and approved as part of the change management controls. This is typically done by associating our work with Jira tickets and the audit trail they provide.

Dependency Updates
Keeping the libraries and packages we depend on up to date ensures that we are not left exposed to security exploits and bugs after they are discovered and fixed upstream.

Most major libraries document their release cycles and announce Long Term Support (LTS) to make it easy for developers to prioritize when and how to update.

Code Scanning Tools
Code scanning tools help us automatically identify vulnerabilities, outdated dependencies, and bugs in our code.

These tools can be integrated into our CI/CD pipelines to scan our code and prevent insecure code from being introduced.

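The following is an added example (not code from this handbook or from any particular scanner) of the pipeline gate the Dependency Updates and Code Scanning sections describe: it reads a scanner's findings report and fails the build when a vulnerability is at or above a severity threshold, or when a dependency is flagged as outdated. The report format (a JSON object with a "findings" list of category, severity, rule, file and line) and the sample findings are assumptions constructed for the example.

```python
"""Added example: a minimal CI gate over a code-scanning report.

Assumptions (not from the handbook page): the scanner emits JSON findings
with 'category', 'severity', 'rule', 'file' and 'line' fields. SAMPLE_REPORT
below is constructed sample data, not output from any real tool."""
import json
import sys
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report, shaped like a generic scanner's JSON output.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"category": "vulnerability", "severity": "high",
         "rule": "sql-injection", "file": "app/db.py", "line": 42},
        {"category": "outdated_dependency", "severity": "medium",
         "rule": "requests<2.31.0", "file": "requirements.txt", "line": 3},
        {"category": "bug", "severity": "low",
         "rule": "unused-variable", "file": "app/views.py", "line": 17},
    ]
})


@dataclass
class GateResult:
    passed: bool
    blocking: list
    reported: list


def parse_report(raw: str) -> list:
    """Parse the JSON report and normalise severities to lower case.
    An unknown severity is treated as 'high' so that a malformed value in
    the scanner's output cannot silently downgrade a finding."""
    data = json.loads(raw)
    findings = []
    for f in data.get("findings", []):
        sev = str(f.get("severity", "")).lower()
        if sev not in SEVERITY_RANK:
            sev = "high"
        findings.append({**f, "severity": sev})
    return findings


def evaluate_gate(findings, min_blocking="high", block_outdated=True) -> GateResult:
    """Block the merge when any finding is at or above min_blocking severity.
    Outdated dependencies block regardless of severity when block_outdated is
    set, which is how a team enforces its dependency update policy in CI."""
    threshold = SEVERITY_RANK[min_blocking]
    blocking, reported = [], []
    for f in findings:
        too_severe = SEVERITY_RANK[f["severity"]] >= threshold
        stale_dep = block_outdated and f["category"] == "outdated_dependency"
        (blocking if too_severe or stale_dep else reported).append(f)
    return GateResult(passed=not blocking, blocking=blocking, reported=reported)


def run_gate(raw: str) -> int:
    """Return a process exit code: 0 lets the pipeline continue, 1 fails it."""
    result = evaluate_gate(parse_report(raw))
    for f in result.blocking:
        print(f"BLOCK {f['severity']:<8} {f['file']}:{f['line']} {f['rule']}")
    for f in result.reported:
        print(f"warn  {f['severity']:<8} {f['file']}:{f['line']} {f['rule']}")
    return 0 if result.passed else 1


if __name__ == "__main__":
    sys.exit(run_gate(SAMPLE_REPORT))
```

In a real pipeline the script would read the scanner's report file instead of SAMPLE_REPORT and its exit code would mark the job as failed; the severity threshold and the outdated-dependency rule are the knobs a team tunes when deciding what may never reach the main branch.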
Best Practices
Integrating secure coding practices into our day-to-day development process proactively reduces the risk of security vulnerabilities.

Examples include strict input validation and output scrubbing, following the principle of least privilege, secure configuration storage, and thorough code reviews.
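As an added example (not code from this handbook), the following request handler puts the practices listed above into one place: allowlist input validation with bounds checking, output escaping at the point a value enters HTML, secrets loaded from the environment rather than source control, and least privilege in the form of a read-only database connection for a read-only code path. The username rules, the environment variable name SERVICE_API_TOKEN, the request shape and the sample requests are assumptions constructed for the example.

```python
"""Added example: input validation, output scrubbing, secure configuration
and least privilege in a small request handler.

Assumptions (not from the handbook page): usernames are 3-32 chars of
[a-z0-9_], the API token comes from SERVICE_API_TOKEN, and the 'request'
is a plain dict. The sample requests below are constructed, not captured."""
import html
import os
import re
import sqlite3
import tempfile

# Allowlist validation: describe what IS valid and reject everything else.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


class ValidationError(ValueError):
    pass


def validate_username(raw) -> str:
    if not isinstance(raw, str):
        raise ValidationError("username must be a string")
    if not USERNAME_RE.fullmatch(raw):
        raise ValidationError("username must be 3-32 chars of a-z, 0-9 or _")
    return raw


def validate_page_size(raw, default=20, maximum=100) -> int:
    """Bounded integer parsing: untrusted numbers get a floor and a ceiling."""
    if raw is None:
        return default
    try:
        n = int(raw)
    except (TypeError, ValueError):
        raise ValidationError("page_size must be an integer")
    if not 1 <= n <= maximum:
        raise ValidationError(f"page_size must be between 1 and {maximum}")
    return n


def render_greeting(display_name: str) -> str:
    """Output scrubbing: escape where the value enters HTML, so a name such
    as <script> renders as text rather than markup."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}!</p>"


def load_api_token(env=os.environ) -> str:
    """Secure configuration storage: secrets come from the environment (or a
    secrets manager), never from source control. Fail closed if absent."""
    token = env.get("SERVICE_API_TOKEN")
    if not token:
        raise RuntimeError("SERVICE_API_TOKEN is not configured")
    return token


def open_reporting_db(path: str) -> sqlite3.Connection:
    """Least privilege: a read-only code path gets a read-only connection, so
    a bug in that path cannot modify data even if it tries."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def readonly_write_is_rejected(path=None) -> bool:
    """Return True when the read-only connection refuses an INSERT."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "users.db")
    rw = sqlite3.connect(path)          # seed the file with a normal connection
    rw.execute("CREATE TABLE IF NOT EXISTS users (name TEXT)")
    rw.execute("INSERT INTO users VALUES ('alice_01')")
    rw.commit()
    rw.close()
    ro = open_reporting_db(path)
    try:
        ro.execute("INSERT INTO users VALUES ('mallory')")
        return False
    except sqlite3.OperationalError:    # "attempt to write a readonly database"
        return True
    finally:
        ro.close()


def handle_profile_request(request: dict, env=os.environ) -> dict:
    """Validate every untrusted field before use; escape on output."""
    try:
        user = validate_username(request.get("username"))
        size = validate_page_size(request.get("page_size"))
    except ValidationError as exc:
        # The message is our own fixed text, never the rejected input.
        return {"status": 400, "body": f"<p>{html.escape(str(exc))}</p>"}
    load_api_token(env)   # needed by downstream calls; never echoed to the client
    return {"status": 200, "user": user, "page_size": size,
            "body": render_greeting(user)}


# Constructed sample requests and environment (not captured traffic or real secrets).
SAMPLE_OK = {"username": "alice_01", "page_size": "25"}
SAMPLE_BAD = {"username": "<script>alert(1)</script>", "page_size": "9999"}
SAMPLE_ENV = {"SERVICE_API_TOKEN": "example-token-not-real"}

if __name__ == "__main__":
    print(handle_profile_request(SAMPLE_OK, SAMPLE_ENV))
    print(handle_profile_request(SAMPLE_BAD, SAMPLE_ENV))
    print(render_greeting("<b>Eve</b>"))
    print("read-only connection rejected write:", readonly_write_is_rejected())
```

The validation error path deliberately returns a fixed message rather than reflecting the rejected value, and the read-only connection is the database equivalent of running a service under an account that holds only the permissions its job requires.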