@Erik Osterman (Cloud Posse) has joined the channel
Ozzy Aluyi over 2 years ago
@Ozzy Aluyi has joined the channel
Jonathan Eunice over 2 years ago
@Jonathan Eunice has joined the channel
erik over 2 years ago
set the channel description: Discuss topics related to compliance.
erik over 2 years ago
set the channel description: Discuss topics related to compliance. See also #security.
Jonathan Eunice over 2 years ago
Yesterday’s discussion on FedRAMP, compliance != security, and related topics was excellent. Good to know I’m not struggling with these things alone.
Jonathan Eunice over 2 years ago (edited)
Little background on us: 3Play Media Inc. takes in audio and video and processes it with a combination of AI (really, ML, but who’s counting when “AI” is the hot hype word) and human review/correction to produce captions, subtitles, transcripts, audio descriptions, and other accessibility enhancements. We are Cloud Posse graduates (i.e. now in production). Our cloud product, the 3Play Platform, passes SOC 2 and GAAS audits and a pentest on our EKS infrastructure/estate. Another part of 3Play passes a separate TPN (Motion Picture Association) audit more oriented to an on-prem processing model. We are also HIPAA, GDPR, CCPA/CPRA, FERPA, and Microsoft SSPA compliant (but we don’t formally audit against those). We’re consistently looking to harden and lock down (partly for security, partly to meet ever-rising, ever-encroaching customer demands, esp. from media, entertainment, finance, and government customers/prospects). Currently using OneTrust Certification Automation (great for the past 2 years, but seems to have stalled after Tugboat was acquired). Looking to upgrade our program to better align with NIST SP 800-53 and friends and/or ISO 27001 (in addition to SOC 2 and TPN). We’ve talked about doing FedRAMP and have been requested to meet several crazy-deep custom finance infosec/GRC frameworks. They feel above our current station/capabilities, but we’re edging in that direction to prepare for a future deal for which the business says “okay, it’s now worth it to comply, get going!”
Hao Wang over 2 years ago
@Hao Wang has joined the channel
Sean over 2 years ago
@Sean has joined the channel
Jim Conner over 2 years ago
@Jim Conner has joined the channel
Sean over 2 years ago
Thanks for starting the channel. I’m required to meet nearly all the compliance/authorization types (ISOs, SOCs, PCI, HITRUST, FedRAMP, …).
Jim Conner over 2 years ago
yeah, we do FedRAMP and ISO -- and one more iirc
Jim Conner over 2 years ago
I'm curious about how you folks, if you use RDBMS, manage the credential rotation requirements --