Marana | We Bridge Gaps
Security & Compliance

We help you prepare for a successful audit.

Audit Readiness.

SOC-2

What was once a nice-to-have has now become an industry standard and a differentiator in contract negotiations. Our clients stay one step ahead of the competition by achieving SOC-2 Type I & II compliance.

HIPAA

HIPAA standards can be overwhelming and difficult to understand. We are here to help you become familiar with their structure and definitions to achieve better protection for your customers' data.

GDPR

The General Data Protection Regulation (GDPR) is a recent set of proposed rules that are expected to help European countries address a host of thorny data privacy issues. We can help you understand how this new set of laws will impact your data management process.


We guide you through your compliance journey.

Assessment


Services:

  • High-level gap analysis
  • Internal security policies documentation (Engineering)
  • Compliance road map
  • Education of senior staff to prevent pitfalls
  • Data classification

Milestones:

  • Communicate clearly online about internal security practices

Questions:

  • How do I communicate with potential clients that we are secure?
  • What systems and processes need to be put in place to reduce the cost of compliance in the long run?
  • What are the compliance requirements at this stage?

Remediation


Services:

  • Company-wide gap analysis
  • Review and bridge gaps for People Ops, Customer Success
  • High Availability, Business Continuity, Disaster Recovery plans
  • Risk Assessment
  • Introduction to Auditors
  • Employee training
  • Guide through first audit

Milestones:

  • Distribution of SOC 2 Type I report to prospects

Questions:

  • How should my Sales team approach compliance questions?
  • What processes should I have in place for new employees?
  • How do I start marketing our investment into compliance?
  • How do I make compliance become part of my company culture?

Compliance


Services:

  • Distribution of security changes company-wide
  • Implement Risk Assessment, ISMS, and Audit cadence
  • Negotiation with auditors
  • Periodic review of internal processes

Milestones:

  • SOC-2 Type II every 6 months, GDPR, HIPAA

Questions:

  • How do I integrate compliance as part of my sales cycle?
  • How do I make sure that new features are not at risk?
  • How do I incorporate compliance as part of our business strategy?
  • How do I make sure I remain compliant through hypergrowth?