Why Would Someone Want to Compromise Medical Data?

by Sarah Harvey / December 16, 2022

Imagine if you could search someone’s name on Google, and their full span of medical data and complete medical history were available. An employer could do it, a potential date could do it, an estranged family member could do it – how scary would that be? There’s debate about how much the average piece of medical data is worth, but trust us, it adds up. The many facets of the…

SOC 2 Academy: Movement of Data

by Joseph Kirkpatrick / February 3, 2023

Common Criteria 6.7: When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.7 says, “The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives.” How does understanding the…

SOC 2 Academy: Dealing with External Threats

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.6: When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.6 says, “The entity implements logical access security measures to protect against threats from sources outside its system boundaries.” How can organizations be sure that they’re complying with this criterion? Let’s discuss. Dealing with External Threats: During…

SOC 2 Academy: Disposing of Physical Devices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.5: When a service organization pursues SOC 2 compliance, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.5 says, “The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity’s…

Signs that You’re in a Good Relationship with Your Auditing Firm

by Sarah Harvey / June 14, 2023

When choosing an audit firm to partner with, it should be more than just a business transaction: you should be thinking about building a relationship with an organization and how its employees will help your organization in the long run. Like any relationship, there are sure to be challenges along the way, and the auditor-auditee relationship is no exception. Whether it’s your first time partnering with an audit firm or…