27 Compliance Memes to Make the Process a Little More Enjoyable

Troy Fine

by Troy Fine

February 09, 2023
Compliance Memes Header Image
Who said compliance has to be boring? Take a break and have a laugh with this list of compliance memes.
Compliance Meme 1

If you work in cybersecurity, you know how frustrating it can be to be constantly bombarded with doomsday scenarios. 

Between the constant threat of ransomware attacks, the complexity of cybercriminal schemes, and the aggression of nation-state threat actors, it can feel like the challenges are never-ending, and it's easy to get caught up in fear-mongering and sensationalized headlines. 

While it's important to remain vigilant, it's also essential to give yourself permission to take a breather and laugh a little. 

To make the compliance process a bit more enjoyable, we’ve compiled some of our favorite compliance and cybersecurity memes for you below.

On SOC 2

Let’s just get this out of the way:

SOC 2 Meme1

We know, we know. Saying “We received a SOC 2 report covering security” isn’t as catchy as “We are SOC 2 certified.” Resist the temptation! (Looking at you, marketing.)

Soc 2 Meme2

But the good news is…

SOC 2 Meme 3

You can’t pass or fail when it comes to SOC 2—it’s a report on the design of your company’s internal controls.

An auditor issues a report with their opinion on whether those controls were suitably designed and operating effectively to meet the relevant SOC 2 Trust Services Criteria. An auditor will issue a report regardless of how good or bad your controls actually are, and do not determine pass/fail.

When your company receives its first SOC 2 report 🫣

SOC 2 Meme4

When marketing gets a hold of the report…

SOC 2 Meme5

Say it with me (and every CISO out there):

SOC 2 Meme6

SOC 2 is an attestation, not a certification!

But if it was a certification… here’s where we’d put it.

SOC 2 Meme7

When Security Questionnaires Can’t Be Avoided

Questionnaire Meme1

When bringing on a vendor or partner, companies will send lengthy security questionnaires for vetting. Some recipients of said security questionnaires think sending their SOC 2 report will help them skip the questionnaire.

Spoiler alert: It doesn’t.

Questionnaire Meme2

We all wish this meme wasn’t true, but most companies in highly regulated industries require their potential vendors to both provide them a SOC 2 report and complete their security questionnaire.

The SOC 2 report is intended to be an additional level of assurance in support of the questionnaire—it’s not intended to replace it.

If you know, you know.

Questionnaire Meme3

Then there’s the organizations that do fill out the security questionnaire—but instead answer every question with a list of the certifications and reports they have.

And when startups try to sell into the enterprise space.

Questionnaire Meme4

Really, these are all the horcruxes of "security awareness." While we’re at it, let’s throw Draco Malfoy in there as “Fedramp” for good measure.

Scary Audits and Auditors

Auditor Meme1

If you’re in the cybersecurity industry, you know how intimidating the prospect of an audit can be. Without automation of your compliance processes, audits are monumental challenges. 

But hey, at least you have compliance memes to make it all bearable!

Auditor Meme2

Just take some time to brush up on how to prepare for an audit—they said.

That way, you won't be caught off guard by any unexpected questions or requests from the auditors—they said.

Auditors don’t bite!

Auditor Meme3

Just don’t be this guy.

Auditor Meme4

Because there’s a light at the end of the audit tunnel!

Auditor Meme5

Security vs. Compliance

Remember: Security and compliance are not one and the same. You can simultaneously be compliant and not secure. Compliance is the minimum.

Security vs Compliance Meme1

When compliance is the primary goal, this is what happens. Compliance should be the byproduct of good security.

Security vs Compliance Meme2

Instead, the goal should be a culture of security, as it lays a foundation for continuous improvement.

Compliance itself does not build that—leadership does.

Security vs Compliance Meme3

Ok, maybe not that particular leadership.

But when compliance is the focus instead of security, you build a culture of compliance, which leads to complacency. Complacency leads to security breaches.

Nothing to see here. We are compliant!

Security vs Compliance Meme4

In the News

News Meme1

The regulators are coming.

News Meme2

Tell your friends: No more excuses with new regulations rolling out.

News Meme3

And yet, some predictions for this year.

News Meme4

Many bigger companies are setting aside millions, if not billions, of dollars for privacy fines this year for not complying with the full extent of privacy regulations.

On a personal level, with travel ramping up again, don’t fall for this.

News Meme5

And of course, MFA isn’t going anywhere.

News Meme6

Well that was fun. What now?

Sign up for the Trusted Newsletter, and get the latest security and compliance news delivered right to your inbox.

The Drata Newsletter

Trusted is Drata’s newsletter focused on the world of compliance, security, data privacy, and everything in between.


The Drata Community

Screen Shot 2022-07-13 at 9.45 1
Resources for you
SOC 2 policies

12 Commonly Recommended Security Policies for SOC 2

Drata + AssuranceLab

Why AssuranceLab Joined Drata’s Auditor Alliance

Asset - Compliance Uncomplicated - Nemean Services

Compliance Uncomplicated Episode 5: An InfoSec Perspective to Digital Security Success With Nemean Services

Troy Fine
Troy Fine
Director of Risk & Compliance

2023 Compliance Trends Report

Drata surveyed 300 established and enterprise organizations to tap the pulse of the state of risk and compliance. In doing so, we identified related trends, perceptions, and how compliance impacts the business. This year, the primary takeaway is that a mature compliance program will accelerate a business, not slow it down.

Image - 2023 Compliance Trends Report