by
Sarah Harvey / June 14, 2023
What is a Gap Analysis? When an organization pursues an audit for the first time, we strongly recommend starting with a gap analysis. Why? The truth is: we don’t want you to fail the audit. We want to help you prepare for the audit so that you can meet your challenging compliance goals, and we want to educate you on what you’re getting into when you pursue an information security…
by
Joseph Kirkpatrick / December 16, 2022
Common Criteria 2.3 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.3 says, “The entity communicates with external parties regarding matters affecting the functioning of internal control.” What will an auditor look for when assessing this criterion? What do organizations need to do to comply…
by
Joseph Kirkpatrick / August 23, 2023
Common Criteria 2.2 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” What will an auditor look for when assessing this criterion? What do…
by
Joseph Kirkpatrick / December 16, 2022
Common Criteria 2.2 Communication is one of the underpinnings of meeting the requirements within the SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” For any type of organization to operate efficiently, there needs to be established avenues of communication for all employees. How will an employee know who to…
by
Sarah Harvey / June 14, 2023
What would it cost you if your printing business compromised client data because of a printing error? How would your organization be impacted if your printers were hacked? As service organizations and third-party vendors, organizations in the printing industry cater to a variety of organizations such as financial, government, or healthcare and are likely to interact with personally identifiable information (PII) on a regular basis. Because of this, it’s critical…
