Compliance Superpowers!

Catalytic


compliance how-to

Learn how the Catalytic team met our compliance goals without slowing down innovation!

When we started our compliance journey, we knew we wanted to meet our compliance goals in a way that improved our ability to innovate rapidly rather than slowed it down. We learned a lot along the way, and after successfully completing our SOC2 and HIPAA audits, we wanted to share what we had learned. Below is the deck from a talk we gave at the AWS Chicago user group on August 16th, 2018. We covered:

  • Why engineering orgs should think of compliance as an opportunity rather than a set of new requirements
  • How to prepare for your audit, and what to expect before, during and afterwards
  • How your change management system is the foundation for all of your technical controls
  • How to set up multiple AWS accounts to improve isolation and auditability
  • How to set up AWS access control for maximum auditability and ease of maintenance
  • How to set up baseline monitoring and logging to meet compliance requirements without requiring third-party services
  • How to meet encryption requirements in AWS
  • How to build your infrastructure to monitor and minimize the risk of vulnerabilities and malware