Blog

“Moving Left” and Moving Forward in GRC

September 15, 2020

Steven Nguyen, Director of GRC at Segment, on the sea change brewing in the compliance industry around security sales enablement and automation tooling.

Compliance professionals are struggling to manage compliance and enable sales to close deals. Pioneers like Steven Nguyen, Director of GRC at customer data platform Segment, are coming up with creative solutions to ease and expedite compliance requests. Nguyen is pioneering a new way of thinking about GRC—and how compliance must adapt and automate to meet the demands of internal stakeholders and customer needs.


Securing websites via HTTP Security Headers

September 9, 2020

We recently rolled out updated HTTP security headers for Comply. Following best practices with HTTP security headers can be a quick way to add an additional layer of security to a website, so we wanted to share our work here in hopes that others might find it helpful.

What is a UX Engineer at Aptible?

September 2, 2020

UX Engineers at Aptible play an important role in the product development process by blending UX knowledge with technical skills to fill the gap between design and engineering.

Death by a thousand existential checks

August 13, 2020

Existential checks are when we have to detect whether or not a variable has a value - that is, checking to see if a variable exists. If the value is `null`, `undefined` or otherwise falsy, then it fails the check. This usually takes the form of an if-statement.

Build Customer Trust with HITRUST

August 11, 2020

Comply now supports the HITRUST framework, making it easier for healthcare companies to gain certification of their data security practices and build customer trust through compliance. We have also partnered with NCC Group to create our controls making assessments through them faster and more affordable.

Simplifying Compliance Management with Automated Evidence Collection & Dashboards

August 5, 2020

Automated evidence collection removes the need to do tedious evidence collection while Dashboards provides data and insights to help you focus on the most critical needs in your program. These features are intended to help compliance teams continuously monitor their programs, eliminate menial work, and focus their efforts on what’s truly important so they can do more with less.

“Finding” Your Way to Better Security in Multitenant Rails Applications

July 29, 2020

Let’s say you’ve created a SaaS application that lets customers keep track of their vendors. Things are going well and you’re adding many customers. One day, a curious customer starts messing around with the IDs in URLs and stumbles across a vendor they shouldn’t have access to. This is Very Bad™, especially if your customers are relying on your application to store sensitive information!

What the Death of Privacy Shield Means For You

July 16, 2020

Today the European Union’s top court ruled that Privacy Shield is invalid which means that companies who do business in the EU and bring customer data to the US will likely need to make dramatic changes or risk significant fines. At this point companies have three options, and we’ll list them in order of (lowest to highest) potential impact on the business. If you’d like to learn more about what the death of Privacy Shield means for your business we encourage you to join our free interactive Q&A webinar that’s being held on July 23rd, 2020 at 8:30am PT. Register for the webinar now!

Turn Compliance Into Customer Trust

July 8, 2020

Comply Rooms is a new way for compliance teams to help Sales close deals faster while reducing their effort. It is sales enablement for compliance teams, completely reinvented, so that companies can easily turn compliance into customer trust. Customers and prospects can access compliance documents in a self-serve environment while automatic watermarking, NDA gated access, and advanced reporting make the tool simple yet powerful.

Making Compliance Collaboration Easier

May 29, 2020

The Comply integration with Jira that will make evidence collection and collaboration with teammates radically easier and faster. Now Compliance can work in Comply while engineers work in Jira, and tickets can be created, assigned, monitored, and completed. Compliance teams can use Comply as the one tool to operate from and the single source of truth.