SOC 2 Academy: Risks from Business Partners

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2

While organizations must consider the risks to their operations, finances, and reputation caused by threats inside their organization, they must also consider outside risks from business partners and third-party vendors. During a SOC 2 audit, organizations will have to demonstrate that they consider the risks from business partners and third-party vendors in order to comply with the SOC 2 common criteria 3.2, which states, “The entity identifies…

SOC 2 Academy: Assessing the Significance of Risks

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2

During a SOC 2 audit, auditors will validate that organizations comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.2 states, “The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.” When an auditor is assessing an organization’s compliance with this, they will observe…

SOC 2 Academy: How to Manage Risks

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.2 (CC3.2) states, “The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.” We’ve discussed the different…

SOC 2 Academy: Using a Risk Assessment

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.1

During a SOC 2 audit, auditors will validate that organizations comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. When an auditor is assessing an organization’s compliance with common criteria 3.1, which states, “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives,” they will want to see that the entity not only conducts…

SOC 2 Academy: What Types of Risks Does Your Organization Face?

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.1

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.1 (CC3.1) states, “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.” Why is common criteria 3.1 so critical for SOC 2 compliance? Let’s discuss.…