Compliance Superpowers!



· 1 min read

compliance how-to

Learn how the Catalytic team met our compliance goals without slowing down innovation!

When we started our compliance journey, we knew we wanted to meet our compliance goals in a way that improved our ability to innovate rapidly rather than slowed it down. We learned a lot along the way, and after successfully completing our SOC2 and HIPAA audits we wanted to share what we had learned. Below is the deck from a talk we gave at the AWS Chicago user group on August 16th, 2018. We covered:

  • Why engineering orgs should think of compliance as an opportunity rather than a set of new requirements
  • How to prepare for your audit, and what to expect before, during and afterwards.
  • How your change management system is the foundation for all of your technical controls
  • How to set up multiple AWS accounts to improve isolation and auditability
  • How to set up AWS access control for maximum auditability and ease of maintenance
  • How do set up baseline monitoring and logging to meet compliance requirements without requiring 3rd party services
  • How to meet encryption requirements in AWS
  • How to build your infrastructure to monitor and minimize the risk of vulnerabilities and malware