Blog

Top 4 Information Security Concerns for Shared Working Spaces

by Sarah Harvey / June 15, 2023

From WeWork, Impact Hub, and Knotel to Serendipity Labs, Green Desk, and Techspace, coworking spaces are revolutionizing how people work. A shared working space, or a coworking space, is an environment that fosters collaboration by allowing companies and employees of all sizes and industries to share equipment, offices, and in some cases, ideas. These coworking spaces offer a variety of benefits including flexible leasing or membership options, more affordable working…

SOC 2 Academy: Recovering from a Security Incident

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.5 Because security incidents are a matter of when, not if, they occur, it’s a best practice to always analyze what happened and how an organization could have prevented it. That’s why during a SOC 2 audit, an auditor will assess an organization’s compliance with the 2017 Trust Services Criteria, which includes common criteria 7.5. Common criteria 7.5 says, “The entity identifies, develops, and implements activities to recover…

SOC 2 Academy: Testing Your Incident Response Plan

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.4 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.4 says, “The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate.” While we’ve already discussed why it’s important to establish incident response…

SOC 2 Academy: Incident Response Teams

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.4 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.4 says, “The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate.” Let’s take a look at what organizations need to do to…

Key Takeaways from the SEC’s Cybersecurity Guidance

by Sarah Harvey / December 16, 2022

In February 2018, the US Securities and Exchange Commission (SEC) affirmed something we know to be true: as organizations rely more and more on technology, the frequency and complexity of cybersecurity threats continue to increase. The SEC issued interpretive cybersecurity guidance, which builds upon the Division of Corporation Finance’s guidance from 2011, for public companies to follow when dealing with cybersecurity incidents and risks. This cybersecurity guidance communicates several major…

Top 4 Information Security Concerns for Shared Working Spaces

SOC 2 Academy: Recovering from a Security Incident

SOC 2 Academy: Testing Your Incident Response Plan

SOC 2 Academy: Incident Response Teams

Key Takeaways from the SEC’s Cybersecurity Guidance

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.