SOC 2 Academy: Protection Through Logical Access

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.1 When a service organization undergoes a SOC 2 audit, auditor will look to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.1 says, “The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.” What will an auditor look for when assessing…

SOC 2 Academy: Expectations of Policies and Procedures

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.3 Like with many other frameworks, including PCI DSS and HIPAA, policies and procedures are an integral component of achieving SOC 2 compliance. Why? Because during a SOC 2 audit, an auditor will assess an organization’s compliance with the 2017 SOC 2 Trust Services Criteria. As part of that, an auditor will verify whether or not an organization complies with common criteria 5.3, which says, “The entity deploys…

SOC 2 Academy: Designing Processes for Your Technology

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.2 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 5.2. Common criteria 5.2 says, “The entity also selects and develops general control activities over technology to support the achievement of objectives." This means that organizations need to…

Why is Ransomware Successful?

by Sarah Harvey / June 14, 2023

What is Ransomware? Ransomware is the attack method that you’ve seen over and over again in the headlines and, unfortunately, it's not going away. Global outbreaks like WannaCrypt, Petya/NotPetya, and BadRabbit have made ransomware a household name. The FBI reports that over 4,000 ransomware attacks occur daily. With its sophistication and frequency of attacks, it makes people think – why is ransomware successful? How can it be stopped? Let's discuss…

Why Would a Healthcare Organization Need a SOC 2?

by Sarah Harvey / June 14, 2023

No one wants to work with an at-risk healthcare provider. If someone is looking to use your services, they want to know how secure your healthcare organization actually is. You may think that you have a secure healthcare organization, but does an auditor? With more and more healthcare security breaches being reported to the HHS, it’s more important than ever for covered entities and business associates to demonstrate their commitment…