--- title: "DMARC- The secret weapon for SOC 2 and ISO 27001 compliance | DMARC Report" description: "DMARC- The secret weapon for SOC 2 and ISO 27001 compliance DMARC is the only email authentication protocol that gives you both enforcement and visibility." image: "https://dmarcreport.com/og/blog/dmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance.png" canonical: "https://dmarcreport.com/blog/dmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance/" --- Quick Answer DMARC- The secret weapon for SOC 2 and ISO 27001 compliance Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=DMARC-%20The%20secret%20weapon%20for%20SOC%202%20and%20ISO%2027001%20compliance&url=undefined%2Fblog%2Fdmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance%2F&title=DMARC-%20The%20secret%20weapon%20for%20SOC%202%20and%20ISO%2027001%20compliance "Share on Reddit") [ ](mailto:?subject=DMARC-%20The%20secret%20weapon%20for%20SOC%202%20and%20ISO%2027001%20compliance&body=Check out this article: undefined%2Fblog%2Fdmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance%2F "Share via Email") ![DMARC- The secret weapon for SOC 2 and ISO 27001 compliance](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) ## Try Our Free DMARC Checker Validate your DMARC policy, check alignment settings, and verify reporting configuration. [ Check DMARC Record → ](/tools/dmarc-checker/) **DMARC- The secret weapon for SOC 2 and ISO 27001 compliance** > DMARC is the only email authentication protocol that gives you both enforcement and visibility, says Brad Slavin, General Manager of DuoCircle. SPF and DKIM authenticate silently - DMARC tells you what happened and lets you control the outcome. That combination of reporting and policy is why DMARC adoption is accelerating. DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible `From` header. According to Google’s February 2024 bulk sender requirements, a DMARC policy of at least `p=none` is now mandatory for any domain sending 5,000+ messages per day to Gmail users. DMARC- The secret weapon for SOC 2 and ISO 27001 compliance Play EpisodePause Episode Mute/Unmute EpisodeRewind 10 Seconds1xFast Forward 30 seconds 00:00/ RSS Feed Share \[ \]( The secret weapon for SOC 2 and ISO 27001 compliance)\[ \]( The secret weapon for SOC 2 and ISO 27001 compliance)\[ \]() Link Embed /\*! This file is auto-generated \*/ ” class=“input-embed input-embed-31118”/> \*\*SOC 2 and ISO 27001 are not just limited to firewalls and passwords. Amidst the growing threat landscape and the sophistication driven by artificial intelligence, they require protection against data breaches, including [email-based cyberattacks](https://www.darkreading.com/cyber-risk/email-based-attacks-cyber-insurance-claims). As per [Barracuda’s 2025 Email Threats Report](https://www.barracuda.com/reports/2025-email-threats-report), one in every four emails was either malicious or spam, reinforcing the idea that email is the dominant attack surface. This is where DMARC helps domain owners tell \*\*receiving email servers how to handle spoofed emails sent from their domain by unauthorized senders. This article explains how DMARC helps meet SOC 2 and [ISO 27001](https://www.techtarget.com/whatis/definition/ISO-27001) requirements and what happens if you ignore it in your compliance plan. ## How does DMARC map to SOC 2 and ISO 27001 controls? When companies prepare for [SOC 2](https://www.imperva.com/learn/data-security/soc-2-compliance/) and ISO 27001 compliance, they often overlook email authentication controls like DMARC, which directly support these standards. As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition. ![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-report-6974.jpg) ## SOC 2 alignment SOC 2 is based on the [Trust Service Criteria developed by AICPA](https://www.aicpa-cima.com/resources/download/2017-trust-services-criteria-with-revised-points-of-focus-2022), which essentially includes security, availability, and processing integrity, confidentiality, and privacy. DMARC helps fulfill these by preventing unauthorized use of your domain, which is these days a common [cyberattack](https://www.aljazeera.com/news/2025/4/15/china-accuses-us-of-launching-cyberattacks-during-asian-winter-games) vector for [data breaches](https://www.usatoday.com/story/tech/2025/07/30/tea-dating-app-data-breach/85443741007/) and fraud. ## CC6.x: Logical and Physical Access Controls This criterion addresses how organizations **prevent unauthorized system access**. DMARC, [SPF](https://dmarcreport.com/what-is-spf/), and [DKIM](https://dmarcreport.com/what-is-dkim/) collectively ensure that only approved [mail servers](https://www.cloudflare.com/learning/email-security/what-is-a-mail-server/) can send emails on behalf of your domain, reducing impersonation risks. ## CC7.x: System Operations and Change Management Organizations must detect and mitigate system changes that could impact security . Since DNS-based [email authentication](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) is configuration-driven, monitoring DMARC policy changes (e.g., from p=reject to p=none) aligns with \*\*CC7.x expectations for security control oversight. ![Dmarc check](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-check-9754.jpg) ## ISO 27001 alignment [ISO 27001 Annex A](https://drata.com/grc-central/iso-27001/controls) contains controls that DMARC helps address: ## A.8.2: Information Classification Email often carries [sensitive data](https://www.csoonline.com/article/3819170/nearly-10-of-employee-gen-ai-prompts-include-sensitive-data.html). \*\*Protecting its integrity through authentication is part of safeguarding classified information. ## A.12.6: Technical Vulnerability Management Email [spoofing and phishing](https://www.msspalert.com/brief/novel-usps-spoofing-phishing-attack-relies-on-malicious-pdfs) are vulnerabilities. Implementing DMARC reduces this attack surface, aligning with technical risk mitigation. ![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-record-generator-9654.jpg) ## A.13.2: Information Transfer Policies and Controls Email is a primary transfer channel for information. By enforcing authentication, DMARC ensures only authorized channels are used, reducing the risk of data compromise during transfer. Unauthenticated \*\*email channels directly violate these principles because they allow adversaries to impersonate your organization, eroding [data integrity](https://www.fortinet.com/resources/cyberglossary/data-integrity) and client trust. ## How does DMARC simplify audit? Evidence gathering is undoubtedly one of the most time-consuming parts of being SOC 2 and ISO 27001 compliant.\_ You have to demonstrate that your security controls are not merely implemented for the sake of it, but are actively enforced, monitored, and adjusted.\_ This is where DMARC holds a distinct advantage. ## Policy status indicates compliance \_As a domain owner, you can choose one of the three DMARC policies (none, quarantine, or reject). \_These policies are more than just technical configurations ; they actually reflect your organization’s [security posture](https://www.techtarget.com/searchsecurity/definition/security-posture) maturity: - p=none- Monitoring mode; low assurance - p=quarantine- Medium assurance; suspicious mail gets flagged - p=reject- Highest assurance; spoofed mail is blocked Auditors love clear indicators like these because they show progress toward a stronger control environment without digging into **vague claims**. ![Create dmarc record](https://media.mailhop.org/dmarcreport/images/2025/08/create-dmarc-record-9911.jpg) ## An XML report means automated compliance evidence Every DMARC-enabled domain generates aggregate [XML reports](https://www.ibm.com/docs/en/iis/11.7.0?topic=reference-generating-xml-report), detailing: sending sources (IP addresses), alignment results (SPF, DKIM checks), and policy application status Now the XML [DMARC reports](https://dmarcreport.com/blog/how-to-read-dmarc-reports-guide-2026/) can be parsed and stored automatically. This way, your audit trail is automatically created without you needing to do anything manually. So, there is no need to scramble for screenshots or logs. The compliance team can instead focus on presenting structured evidence of email authentication over time, and this is exactly what SOC 2 and \*\*ISO auditors need to verify if the controls are effective enough. PS: Use online parser tools to convert XML reports to easy-to-understand visual dashboards . ## DMARC and continuous compliance Deploying DMARC is a crucial step towards securing your [brand reputation](https://influencity.com/blog/en/brand-reputation-definition) from getting soiled because of phishing and spoofing email attacks done in your name. However, SOC 2, ISO, and other compliances don’t just require implementation; they demand proof of ongoing effectiveness. This is where automated continuous compliance comes into play. ![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-report-6622.jpg) ## Why continuous oversight matters Often, a company’s technical infrastructure change- a new device, new IPs, switching to a different [SaaS vendor](https://www.bettercloud.com/what-is-saas-vendor-management/), etc. When all these changes occur, it’s essential to make the necessary changes to SPF and DMARC records. If you don’t do it, your SPF and [DMARC records](https://dmarcreport.com/dmarc-record/) will get invalidated, ruining your compliance journey and exposing your domain to cyber threats. ## Automation to the rescue Instead of relying on \*\*manual checks and last-minute evidence gathering, organizations are turning to automated compliance monitoring. Here’s what that looks like for DMARC: - **Policy tracking**: Regularly verify that your [DMARC policy](https://dmarcreport.com/blog/what-is-a-dmarc-policy-and-how-does-it-affect-sending-my-emails/) hasn’t reverted to p=none or weakened over time. - **SPF/DKIM health checks**: Monitor alignment and alert if something breaks. - **Evidence collection**: Aggregate DMARC reports and log policy status changes to build a time-stamped compliance trail without the spreadsheet chaos. ## The cost of skipping DMARC in your compliance strategy DMARC is not just a ‘**nice-to-have email hygiene**.’ It’s instead a measurable control that helps your brand name avoid BEC exposure while also stabilizing audit outcomes. If you are still not serious about DMARC, then you can face the following repercussions: ![Dmarc check](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-check-9770.jpg) ## Increased audit failures Without DMARC in place, you and your team members can be easily impersonated. This gives cyberattackers a chance to send fake vendor invoices, approve payments on behalf of the [CFO](https://apparelresources.com/business-news/retail/kelly-dilts-join-nordstrom-new-cfo/), or share [malware-infected files](https://www.bleepingcomputer.com/news/security/the-most-common-malicious-email-attachments-infecting-windows/). _These incidents translate into SOC 2 and ISO 27001 exceptions around access control, secure operations, and information transfer._ Even if no money moves, repeated spoofing attempts with weak or drifting policies (p=none) look like ineffective controls, which elevates \*\*audit scrutiny and remediation workload. ## Regulatory pain and erosion of trust Spoofed emails can lead to data disclosure, translating into hefty fines and eroded trust of your customers. Under the [GDPR](https://www.investopedia.com/terms/g/general-data-protection-regulation-gdpr.asp), supervisory authorities can levy penalties up to [€20 million or 4% of global annual turnover](https://www.edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision) \- whichever is higher. And these penalties aren’t just theoretical. Enforcement actions have reached the billion-euro range, which clearly indicates how serious the compliance bodies are when it comes to punishing weak data protection practices! ## HIPAA violation for healthcare businesses Phishing emails that lead to a breach of patient health information can result in heavy fines under [HIPAA](https://www.proofpoint.com/us/threat-reference/hipaa-compliance). The [U.S. Department of Health and Human Services (HHS)](https://en.wikipedia.org/wiki/United%5FStates%5FDepartment%5Fof%5FHealth%5Fand%5FHuman%5FServices) Office for [Civil Rights](https://www.bbc.com/news/articles/cgl039j87x0o) can issue penalties if the organization is found at fault. ![Dmarc alignment](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-alignment-6433.jpg) After the 2024 inflation adjustment, the maximum fine for a serious violation, such as willful neglect that is not fixed within 30 days, can go over [$2.13 million](https://www.ic3.gov/AnnualReport/Reports/2024%5FIC3Report.pdf) for each category of violation. The amount depends on how responsible the organization was for the breach. In simple terms, one phishing email can end up costing millions if proper safeguards are not in place. So, if you are also lenient about [DMARC](https://dmarcreport.com/) deployment and management, it’s time to think about what the repercussions can look like for your business. Want help in **getting started**? Contact us [here](https://dmarcreport.com/contact/). ## Sources - [FBI Internet Crime Complaint Center (IC3) 2024 Report](https://www.ic3.gov/AnnualReport/Reports/2024%5FIC3Report.pdf) (2024) - [RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)](https://datatracker.ietf.org/doc/html/rfc7489) ## Topics [ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ dmarc record ](/tags/dmarc-record/)[ SPF ](/tags/spf/) ![Vasile Diaconu](https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg) [ Vasile Diaconu ](/authors/vasile-diaconu/) Operations Lead Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report. [LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Foundational 7m 4 sectors that need email authentication the most and why Oct 15, 2024 ](/blog/4-sectors-that-need-email-authentication-the-most-and-why/)[ Foundational 4m 8 Misconceptions About DMARC and its Deployment for Businesses Dec 4, 2023 ](/blog/8-misconceptions-about-dmarc-and-its-deployment-for-businesses/)[ Foundational 8m 9 technologies to protect your emails from cyber actors Dec 10, 2024 ](/blog/9-technologies-to-protect-your-emails-from-cyber-actors/)[ Foundational 14m Add TXT Record on Namecheap (SPF, DKIM & DMARC) - 2026 Mar 5, 2025 ](/blog/add-txt-record-on-namecheap-a-complete-dns-guide/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"DMARC- The secret weapon for SOC 2 and ISO 27001 compliance","description":"DMARC- The secret weapon for SOC 2 and ISO 27001 compliance DMARC is the only email authentication protocol that gives you both enforcement and visibility.","url":"https://dmarcreport.com/blog/dmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance/","datePublished":"2025-08-27T06:24:56.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-08-27T06:24:56.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/dmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance/"},"articleSection":"foundational","keywords":"dkim, DMARC, dmarc record, SPF","wordCount":1548,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"DMARC- The secret weapon for SOC 2 and ISO 27001 compliance","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"DMARC- The secret weapon for SOC 2 and ISO 27001 compliance","item":"https://dmarcreport.com/blog/dmarc-the-secret-weapon-for-soc-2-and-iso-27001-compliance/"}]} ```