Overview
Learn how to design and implement compliance-as-code for third-party information security audits in this 30-minute talk by Kamalika Majumder. Explore the evolving landscape of compliance standards, including the transition from PCI DSS v3.2.1 to v4.0 with its 50+ new rules, and the upcoming shift from ISO 27001:2013 to ISO/IEC 27001:2022. Discover practical examples using Terraform to implement ISO 27001 and SOC2 compliance-as-code, drawn from real client projects. Master techniques for creating portable, customizable security measures that work across different cloud providers while maintaining consistent security standards. Gain insights into proactive compliance management that eliminates last-minute evidence collection and seamlessly integrates security throughout your IT infrastructure.
Syllabus
PCI DSS v3.2.1 retired this year, and v4.0 has more than 50 new rules. All ISO 27013 certificates issued after Oct 31st 2022 will expire on October 31st 2025. It will be replaced by the new ISO/IEC 27022.
Taught by
HashiCorp