Celebrating Women’s History Month at KirkpatrickPrice

by Sarah Harvey / November 14, 2023

The Role of Women in Information Security Women play critical roles in advancing science, medicine, human rights, social justice issues, and so much more, but there’s one industry where women are just getting their foot in the door: information and cybersecurity. While this growing industry has been long dominated by men, it’s quickly starting to change. In fact, according to Cybersecurity Ventures, the percentage of women in the industry is…

SOC 2 Academy: Designing and Implementing Environmental Protections

by Joseph Kirkpatrick / December 16, 2022

Understanding Availability Criteria 1.2 When an organization pursues SOC 2 compliance, an auditor will verify that they comply with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there’s additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in their audit, they would need to comply with the additional…

SOC 2 Academy: Preparing for Current and Future Availability Needs

by Joseph Kirkpatrick / December 16, 2022

Understanding Availability Criteria 1.1 When an organization pursues SOC 2 compliance, an auditor will verify that they comply with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there’s additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in their audit, they need to comply with the additional criteria…

SOC 2 Academy: Identifying Vendors as Carve-Out or Inclusive

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 9.2 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 9.1 says, “The entity assesses and manages risks associated with vendors and business partners.” How can organizations be sure that they’re complying with this criterion? Let’s discuss the difference between identifying your vendor as carve-out or inclusive…

Who Should Perform Your Cloud Audit?

by Sarah Harvey / December 16, 2022

The evolution of the cloud presents new security issues every day. As more and more organizations migrate user data to the cloud, it drives both cloud service customers and providers to consider how the cloud will impact the privacy and security of data. How does your organization secure your cloud environment? Just like any type of technology or IT operation, the security of your service needs to be validated by…