Blog Posts

Welcome to our blog index. The sections below organize compliance topics into areas of interest. If you're new to compliance, check out our introduction to compliance series. For IT system administrators and software developers, the architecture and design section is for you. If you're interested in QA/QC topics, check out the QMS and SOP sections.

Introduction to Compliance

Our introduction to compliance series of blog posts outlines the regulatory and security challenges organizations face as they grow, establishes a baseline for what compliance is, and introduces a guide for identifying which compliance level your organization is currently operating at. If you're new to compliance or don't know which compliance level your organization is/should be operating at, the posts below are a good place to start.

• Why Compliance Matters
• What is Compliance
• Minimal Viable Compliance (MVC)
• Compliance Levels

Quality Management Systems (QMS)

This section covers a wide range of topics concerning QMSs. Many of these posts will introduce new ways of building and maintaining a QMS that makes your company more efficient, secure, and compliant!

• What is a QMS? (PDCA)
• Policies and Procedures
• Formal training, qualification, R&R, and defining your org structure
• SLOs and SLAs to measure and enforce quality
• Continual Improvement through CAPAs
• Validation vs Testing
• Electronic Signatures
• Version Control and ALCOA++

Regulations and Standards

• GDPR
• ISO
• SOC
• FedRamp
• GxP / ICH

Standard Operating Procedures (SOPs)

• System Backup and Recovery
• Product Development and Delivery
• Systems Management and Monitoring
• Employee Engagement (qualify and train)
• Code of Conduct
• Client Engagement
• Sales and Marketing
• Financial Management
• Quality Assurance (audits and SMT oversight)
• Fraud, anti-bribery, conflict of interest and disclosure
• Business Continuity
• Data Management (PII, Public, Private)
• Vendor Management
• Document Management (GDP)
• Deviation Management (CAPAs)
• Records Management (evidence)
• Risk Management
• Incident Management

Architecting, Designing, Implementing, and Operating Technology Services

This section is for architects, IT system administrators, and software engineers looking for new ways of thinking about the systems you build and how you operate. Many of these posts will go into detail on automating the compliance checks needed for L2 and L3 organizations so you can focus on quickly shipping amazing software solutions that are secure and compliant.

• Service Architecture and Design
• Why our tech stack?
• Implementation (SDLC, CI/CD)
• Operations (DevOps)
• Hardware
• Network - EIF, IPS, IDS, DNS, SIEM, Honeypots
• Compute - OSs, virtualization, CVE management
• Storage - EAR, RAID, B&R
• Services - monitoring, logging, alerting, IDP, 2FA
• Security - CVE, artifacts, plugins, pinning
• SDLC - OWASP, linting, CI/CD, testing, design
• Logging, Monitoring, and Alerting
• Data Loss Prevention