Meiran Galis on Data Security, SOC 2 and ISO 27001 [Podcast]


By Adam Turteltaub

Improving data security at your organization doesn’t just protect you, it can also increase your business, explain Meiran Galis, Chief Executive Officer of Scytale. Customers increasingly want to know that their business partners’ systems are secure and that critical data will not get stolen or held hostage in a ransomware attack.

To ensure that they are meeting data security standards and can provide their customers the assurance that they seek, many organizations pursue SOC 2 or ISO 27001 certification. As Meiran explains, there are key differences between the two.

  • SOC 2, he reports, has become the new gold standard for SaaS applications. It is generally considered of greater value in the US and is not technically a certification. An attestation report is made and independently certified.
  • ISO 27001 is a traditional certification and is focused on information security management. It is more popular outside the US, especially in Europe.

So, should your organization pursue SOC 2 or ISO 27001? That depends on where your current and potential customers are and what they require. Ask sales if prospects and customers are already wanting a certification from your organization.

Once you decide on which certification to pursue, or if both make sense, don’t expect it to be a fast process. For small organizations it may take 250 hours of work.  For larger companies, it may take 1000 hours or more.

Once you earn the certifications, have a plan in place to continuously monitor and periodically audit your efforts.

Listen in to learn more about whether SOC 2, ISO 27001 or both are necessary to protect and grow your organization.