Blog

SOC 2 Academy: Disposing of Physical Devices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.5 When a service organization pursues SOC 2 compliance, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.5 says, “The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity’s…

Signs that You’re in a Good Relationship with Your Auditing Firm

by Sarah Harvey / June 14, 2023

When choosing an audit firm to partner with, it should be more than just a business transaction: you should be thinking about building a relationship with an organization and how its employees will help your organization in the long run. Like any relationship, there are sure to be challenges along the way, and the auditor-auditee relationship is no exception. Whether it’s your first time partnering with an audit firm or…

SOC 2 Academy: Taking Inventory of Physical Devices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.4 One of the first steps of the SOC 2 audit process is scoping the engagement, which tells auditors what people, processes, and technologies will be included in the assessment. Because auditors will assess an organization’s compliance with the 2017 Trust Services Criteria, organizations need to demonstrate that they comply with common criteria 6.4. Common criteria 6.4 says, “The entity restricts physical access to facilities and protected information…

SOC 2 Academy: Physical Security Controls

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.4 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.4. Common criteria 6.4 says, “The entity restricts physical access to facilities and protected information assets (for example, data center facilities, backup media storage, and other sensitive locations)…

SOC 2 Academy: Assigning Roles and Responsibilities

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.3 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.3. Common criteria 6.3 says, “The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system…

SOC 2 Academy: Disposing of Physical Devices

Signs that You’re in a Good Relationship with Your Auditing Firm

SOC 2 Academy: Taking Inventory of Physical Devices

SOC 2 Academy: Physical Security Controls

SOC 2 Academy: Assigning Roles and Responsibilities

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.