Resources

Our resource center for all things Compliance

Frequently Asked Questions

The most common questions we get.

6 answers

A Type-1 audit is conducted at a point in time. Type-1 shows what’s in place to get compliant. A Type-2 audit is a much broader and more comprehensive audit that inspects the effectiveness of control operations across a period of time (usually 6-12 months). Type-2 shows how you’re staying compliant over time. We provide evidence collection, monitoring, and real-time auditor feedback over that entire span of time.

Unlike PCI, only a CPA firm can provide a signed SOC-2 report. We help you Control the SOC 2 Compliance process, prepare and facilitate the audit, and act as an internal audit team to help you pass without the pain. But we cannot grant a SOC-2 report. We're happy to connect you with one of our audit partners to get it done quickly!

There are currently five Trust Services Criteria: Security, Availability, Confidentiality, Privacy and Processing Integrity. Most organizations start their compliance journey focused on Security, then build a compliance roadmap across other criteria over time.

Control is Very Good Security’s Compliance Platform. Many compliance frameworks have common criteria. This means that, for example, adherence to a PCI control can also apply to a HIPAA control. We cover multiple compliance frameworks, including ISO 27001, PCI, HIPAA, GDPR, CCPA and more.

SOC 2 applies to a much broader range of organizations, and focuses on the security, availability, confidentiality, processing integrity, and/or privacy of customer data. PCI, on the other hand, has a narrower focus, specific to organizations that accept, store, process, or transmit cardholder data.

No. There are obvious benefits that you should seriously consider, like immediate compliance across dozens of data-related control criteria. But it’s not a requirement. We see many customers starting with Control and adding the VGS Vault as they grow their security posture.

Billing

Issues related to payments or invoicing.

3 answers

VGS Control is an annually renewed platform, so that it provides value over time as you renew your audits. The annual fee can be paid all at once, or in monthly installments.

Contact your account representative, or email us at control@verygoodsecurity.com

While we don't offer referral codes, please let your account manager know about anything that may be determining your budget. We're happy to work with you on pricing!

Authentication

Issues related to logging in, out, or about multiple devices.

4 answers

Our accounts automatically time out your login after 24 hours. If you're losing access faster than that, check that your cookies and cache are not being automatically cleared. Try turning off any browser extensions on our page. If you continue to have any issues, please contact your account representative.

Please contact your account representative directly or email us at control@verygoodsecurity.com

We should connect to determine which compliance frameworks you're pursuing, if we can help by providing an auditor or pentester, and to walk you through some of our cool paid features.

We support SSO via Google login, as well as regular email-based accounts. MFA is coming soon! We also support RBAC for user accounts invited to the platform.

