Combining SOC 2 and PCI Audits

by Sarah Harvey / April 12, 2023

We get a lot of questions about SOC 2 and PCI audits. Should your company do both? Are you able to consolidate multiple audits into one project? KirkpatrickPrice has developed the Online Audit Manager to make it easier to combine multiple audits into one project. Let’s talk through why and how you would take on the project of a combined SOC 2 and PCI audit. What are SOC 2 and…

Online Audit Manager

Achieving SOC 2 and HIPAA Compliance with the Online Audit Manager

by Sarah Harvey / September 6, 2023

Multi-Audit Delivery for ProntoForms Because of the complexity of today’s security threats, many organizations must pursue multiple compliance goals to protect their systems. Take ProntoForms, a low-code application platform that helps users deploy field apps to reliably complete field work and collect data that bolsters field service, fleet, safety, and asset management systems. ProntoForms’ users are often in environments with complex equipment and processes, like hospitals, construction sites, heavy manufacturing…

Data Backup Best Practices: 4 Things You Need to Know

by Sarah Harvey / June 14, 2023

Data Backups and Recovery Go Hand-in-Hand When a data breach happens at your organization - whether you’re hit by a ransomware attack, an advanced DoS attack, or an internal actor mistakenly deletes company records - you need to ensure that your data is properly backed up. A data backup is an updated copy of your company’s data that is stored in a separate system or medium (i.e. file, hard drive,…

The SOC Audit Process: Tackling Type I and Type II Reports

by Sarah Harvey / June 13, 2023

So you’ve decided whether you need a SOC 1 or a SOC 2 audit…what’s next? You need to decide where you’ll begin the SOC audit process. With a gap analysis? What are the SOC report types? A Type I? A Type II? Let’s discuss KirkpatrickPrice’s method for completing Type I and Type II audits. SOC Report Types: Type I and Type II FAQs No matter the SOC report types needed…

Security Within Your Development, Staging, and Production Environments

by Sarah Harvey / June 14, 2023

When information security, data security, and cybersecurity measures aren’t followed in development, staging, and production environments, the consequences can be detrimental. We’ve seen that time and time again. Last year, a bug bounty discovered a data breach at Imperva – a leading provider of firewall services. How did it happen? An unauthorized user stole an administrative API key from a production AWS account. What was the mistake behind Uber’s 2016…