Was the Audit Worth It?

by Sarah Harvey / June 14, 2023

Information security audits strengthen business operations, yet many organizations are fearful of the process. We understand organizations’ hesitance to spend the time, money, and resources on information security – but the threats are only going to get more pervasive and more sophisticated. When a company chooses to invest in information security, it’s evidence of their commitment to providing assurance to clients, prospects, regulators, and business partners. But before they choose…

Was the Gap Analysis Worth It?

by Sarah Harvey / June 14, 2023

What is a Gap Analysis?

When an organization pursues an audit for the first time, we strongly recommend starting with a gap analysis. Why? The truth is: we don’t want you to fail the audit. We want to help you prepare for the audit so that you can meet your challenging compliance goals, and we want to educate you on what you’re getting into when you pursue an information security…

SOC 2 Academy: Communicating with External Parties

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 2.3

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.3 says, “The entity communicates with external parties regarding matters affecting the functioning of internal control.” What will an auditor look for when assessing this criterion? What do organizations need to do to comply…

SOC 2 Academy: Communicating with Internal Parties

by Joseph Kirkpatrick / August 23, 2023

Common Criteria 2.2

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” What will an auditor look for when assessing this criterion? What do…

SOC 2 Academy: The Importance of Organizational Communication

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 2.2

Communication is one of the underpinnings of meeting the requirements within the SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” For any type of organization to operate efficiently, there need to be established avenues of communication for all employees. How will an employee know who to…