SOC 2 Academy: Making Informed Decisions

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 2.1

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.1 states, “The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.” Let’s discuss why it’s important that service organizations demonstrate that they are making informed decisions…

SOC 2 Academy: Holding Your Employees Accountable

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 1.5

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 1.5 (CC1.5) states, “The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.” What do organizations need to do to demonstrate that they are holding employees accountable? Organizations can…

SOC 2 Academy: Attracting, Developing, and Retaining Confident Employees

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 1.4

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the SOC 2 Trust Services Criteria. Common criteria 1.4 says that an organization must demonstrate a commitment to attracting, developing, and retaining competent employees in alignment with objectives. How can organizations do this? Let’s discuss.

Attracting, Developing, and Retaining Competent Employees

During a SOC…

Why Quality Audits Will Always Pay Off: You Get What You Pay For

by Sarah Harvey / June 14, 2023

What would be the impact to your organization if your information security auditor did not conduct a thorough audit? How would it impact your organization if you partnered with an auditing firm whose quality of services and integrity was questioned by industry regulators? Too often, organizations must deal with the aftermath of receiving an audit that wasn’t thorough enough. This could mean public-facing S3 buckets, active directory policies do not…

SOC 2 Academy: Defining the Responsibilities of Employees

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 1.3

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 1.3 (CC1.3) states, “Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.” Let’s discuss how organizations can go about defining the responsibilities of employees…