Blog

SOC 2 Type 1 vs Type 2: What’s the Difference?

by Joseph Kirkpatrick / February 14, 2024

What is a SOC 2 Audit? A SOC 2 audit is an audit of a service organization’s non-financial reporting controls as they relate to the Trust Services Criteria – the security, availability, processing integrity, confidentiality, and privacy of a system. A SOC 2 audit report provides user entities with reasonable assurance and peace of mind that the non-financial reporting controls at a service organization are suitably designed, in place, and appropriately…

15 Information Security Policies Every Business Should Have

by Tori Thurmond / February 6, 2024

When a business suffers a data breach or any other information security failure, it’s best practice to launch a root-cause investigation. We want to know what happened, how it happened, and how it could have been prevented. Whatever the ultimate conclusion of the investigation, among the causes, you will usually find either: Inadequate information security policies A failure to properly implement existing information security policies Information security policies are how…

SOC 1 Type 1 vs Type 2: What’s the Difference?

by Joseph Kirkpatrick / February 5, 2024

You know you need to complete a SOC 1 audit but aren't sure if you need a SOC 1 Type I or a SOC 1 Type II. What sets them apart and which makes the most sense for your organization's needs? Don't let the complexities of SOC reports overwhelm you! Below, we explore the importance of a SOC 1 audit report and compare the SOC 1 Type I vs Type…

Understanding the 3 FISMA Compliance Levels: Low, Moderate, and High

by Tori Thurmond / January 31, 2024

What is FISMA? The Federal Information Security Management Act (FISMA) is a piece of United States legislation, enacted as part of the Electronic Government Act of 2002. FISMA’s intent is to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. FISMA is the law; NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations, is the standard that…

Why Should Your Employees Sign a Policy Acknowledgment Form?

by Tori Thurmond / January 17, 2024

What does it mean for your employees to acknowledge your employee policies and procedures? To comply with information security standards, it’s required that all employees have expressed acknowledgment of the policies in place within your organization, specifically through a policy acknowledgment form for things like your information security policies and employee handbook. Having policy acknowledgment forms is an important piece of the puzzle when it comes to policy development and…

SOC 2 Type 1 vs Type 2: What’s the Difference?

15 Information Security Policies Every Business Should Have

SOC 1 Type 1 vs Type 2: What’s the Difference?

Understanding the 3 FISMA Compliance Levels: Low, Moderate, and High

Why Should Your Employees Sign a Policy Acknowledgment Form?

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.