Signs that You’re in a Good Relationship with Your Auditing Firm

by Sarah Harvey / June 14, 2023

When choosing an audit firm to partner with, it should be more than just a business transaction: you should be thinking about building a relationship with an organization and how its employees will help your organization in the long run. Like any relationship, there are sure to be challenges along the way, and the auditor-auditee relationship is no exception. Whether it’s your first time partnering with an audit firm or…

SOC 2 Academy: Taking Inventory of Physical Devices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.4

One of the first steps of the SOC 2 audit process is scoping the engagement, which tells auditors what people, processes, and technologies will be included in the assessment. Because auditors will assess an organization’s compliance with the 2017 Trust Services Criteria, organizations need to demonstrate that they comply with common criteria 6.4. Common criteria 6.4 says, “The entity restricts physical access to facilities and protected information…

SOC 2 Academy: Physical Security Controls

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.4

During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.4. Common criteria 6.4 says, “The entity restricts physical access to facilities and protected information assets (for example, data center facilities, backup media storage, and other sensitive locations)…

SOC 2 Academy: Assigning Roles and Responsibilities

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.3

During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.3. Common criteria 6.3 says, “The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system…

Canada’s New Breach Notification Law: Preparation and Impact

by Sarah Harvey / December 16, 2022

On November 1, 2018, Canada’s Data Privacy Act amended the Personal Information Protection and Electronic Data Act (PIPEDA) to include Breach of Security Safeguards Regulations. Organizations subject to PIPEDA will now have to report breaches that pose a “real risk of significant harm” to affected individuals to the Office of the Privacy Commissioner of Canada (OPC). What does this new regulation mean for organizations and how can they operate in…