SOC 2 Academy: Access Controls for Remote Employees

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.7

During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.7. Common criteria 6.7 says, “The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission,…

The Dangers of End-of-Support Operating Systems

by Sarah Harvey / June 14, 2023

Computer hardware and software are not built to last forever. End-of-support operating systems are one of the most common vulnerabilities discovered on enterprise networks. Why? Typically, it’s for one of two reasons. First, the organization could just lack a refresh of technology. But end-of-support vulnerabilities could also occur because organizations need legacy software that will only function on an older operating system. Here's some end-of-support guidance for common…

Why Would Someone Want to Compromise Medical Data?

by Sarah Harvey / December 16, 2022

Imagine if you could search someone’s name on Google, and their full span of medical data and complete medical history were available. An employer could do it, a potential date could do it, an estranged family member could do it – how scary would that be? There’s debate about how much the average piece of medical data is worth, but trust us, it adds up. The many facets of the…

SOC 2 Academy: Movement of Data

by Joseph Kirkpatrick / February 3, 2023

Common Criteria 6.7

When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.7 says, “The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives.” How does understanding the…

SOC 2 Academy: Dealing with External Threats

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.6

When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.6 says, “The entity implements logical access security measures to protect against threats from sources outside its system boundaries.” How can organizations be sure that they’re complying with this criterion? Let’s discuss.

Dealing with External Threats

During…