SOC 2 Academy: Assessing the Significance of Risks

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2

During a SOC 2 audit, auditors will validate that organizations comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.2 states, “The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.” When an auditor is assessing an organization’s compliance with this, they will observe…

SOC 2 Academy: How to Manage Risks

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.2 (CC3.2) states, “The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.” We’ve discussed the different…

SOC 2 Academy: Using a Risk Assessment

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.1

During a SOC 2 audit, auditors will validate that organizations comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. When an auditor is assessing an organization’s compliance with common criteria 3.1, which states, “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives,” they will want to see that the entity not only conducts…

SOC 2 Academy: What Types of Risks Does Your Organization Face?

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.1

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.1 (CC3.1) states, “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.” Why is common criteria 3.1 so critical for SOC 2 compliance? Let’s discuss.…

Was the Audit Worth It?

by Sarah Harvey / June 14, 2023

Information security audits strengthen business operations, yet many organizations are fearful of the process. We understand organizations’ hesitance to spend the time, money, and resources on information security – but the threats are only going to get more pervasive and more sophisticated. When a company chooses to invest in information security, it’s evidence of their commitment to providing assurance to clients, prospects, regulators, and business partners. But before they choose…