SOC 2 Academy: Designing and Implementing Environmental Protections

by Joseph Kirkpatrick / December 16, 2022

Understanding Availability Criteria 1.2 When an organization pursues SOC 2 compliance, an auditor will verify that they comply with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there’s additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in their audit, they would need to comply with the additional…

Read More

SOC 2 Academy: Preparing for Current and Future Availability Needs

by Joseph Kirkpatrick / December 16, 2022

Understanding Availability Criteria 1.1 When an organization pursues SOC 2 compliance, an auditor will verify that they comply with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there’s additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in their audit, they need to comply with the additional criteria…

Read More

SOC 2 Academy: Identifying Vendors as Carve-Out or Inclusive

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 9.2 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 9.1 says, “The entity assesses and manages risks associated with vendors and business partners.” How can organizations be sure that they’re complying with this criterion? Let’s discuss the difference between identifying your vendor as carve-out or inclusive…

Read More