Was the Gap Analysis Worth It?

by Sarah Harvey / June 14, 2023

What is a Gap Analysis? When an organization pursues an audit for the first time, we strongly recommend starting with a gap analysis. Why? The truth is: we don’t want you to fail the audit. We want to help you prepare for the audit so that you can meet your challenging compliance goals, and we want to educate you on what you’re getting into when you pursue an information security…

SOC 2 Academy: Communicating with External Parties

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 2.3 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.3 says, “The entity communicates with external parties regarding matters affecting the functioning of internal control.” What will an auditor look for when assessing this criterion? What do organizations need to do to comply…

SOC 2 Academy: Communicating with Internal Parties

by Joseph Kirkpatrick / August 23, 2023

Common Criteria 2.2 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” What will an auditor look for when assessing this criterion? What do…

SOC 2 Academy: The Importance of Organizational Communication

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 2.2 Communication is one of the underpinnings of meeting the requirements within the SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” For any type of organization to operate efficiently, there needs to be established avenues of communication for all employees. How will an employee know who to…

How Information Security Audits Can Lead to New Opportunities in the Printing Industry

by Sarah Harvey / June 14, 2023

What would it cost you if your printing business compromised client data because of a printing error? How would your organization be impacted if your printers were hacked? As service organizations and third-party vendors, organizations in the printing industry cater to a variety of organizations such as financial, government, or healthcare and are likely to interact with personally identifiable information (PII) on a regular basis. Because of this, it’s critical…