SOC 2 Academy: Who Should Make Updates To Your Risk Assessment?

by Joseph Kirkpatrick / December 16, 2022

The Importance of Teamwork During a Risk Assessment

During a SOC 2 audit, an auditor will assess an organization’s risk assessment processes. This includes not only assessing how the organization assesses risk, but the people involved in the risk assessment process as well. Auditors will want to see that the organization has a process in place regarding who should make updates to the risk assessment. Why is that? One of…

SOC 2 Academy: Assessing Changes Within Your Organization

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.4

When a service organization undergoes a SOC 2 audit, auditors will look to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.4 (CC3.4) states, “The entity identifies and assesses changes that could significantly impact the system of internal control.” Let’s take a look at what organizations need to do during their SOC 2 audit to demonstrate…

7 Reasons Why You Need a Manual Penetration Test

by Sarah Harvey / December 16, 2022

Undergoing a penetration test can be a lengthy process. But pen testing - especially manual penetration testing - can save your organization hundreds of hours and thousands of dollars in the long run. Automated scanners can seem more cost-effective upfront, but they often don't cover the same depth of scope that manual security testing can. Here are 7 reasons why your organization should consider undergoing a manual security and penetration…

Getting the Most Out of Your Information Security and Cybersecurity Programs in 2019

by Sarah Harvey / June 15, 2023

As organizations plan their information security and cybersecurity efforts for 2019, we often hear a lot of confusion and frustration about things like frameworks modifying their requirements, the cost of audits and assessments rising, scopes getting bigger, and testing seeming to get more difficult. The threats will do nothing but persist in 2019. You need to do more to protect your organization. When prices or scope or frequency increases, here’s…

SOC 2 Academy: How Fraud Can Impact Risk

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.3

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.3 (CC3.3) states, “The entity considers the potential for fraud in assessing risks to the achievement of objectives.” This means that organizations must consider how fraud can impact risk. What does an organization need…