SOC 2 Academy: A Board’s Independence from Management

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 1.2

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 1.2 states, “The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.” Let’s take a look at how boards of directors can demonstrate independence from…

SOC 2 Academy: How Does an Auditor Test for Integrity?

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 1.1

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that the organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 1.1 states, “The entity demonstrates a commitment to integrity and ethical values.” So, what does an organization need to do to demonstrate this? How will the auditor test for integrity? Let’s discuss. Tone…

FERPA FAQ – What You Need to Know About FERPA Compliance

by Sarah Harvey / December 16, 2022

Does your organization process, store, transmit, or use educational records? Are you responsible for ensuring that the information of students remains secure? FERPA is one of the most significant federal regulations in the education sector, aimed at protecting the privacy of students and their parents. Undergoing a FERPA audit is one way that educational institutions can identify and mitigate any vulnerabilities in their security infrastructure and are doing what is needed…

Investing Where It Matters: Unbounce’s Commitment to GDPR Compliance

by Sarah Harvey / December 16, 2022

There’s no doubt that the GDPR is reshaping the marketing industry, and yet many marketers remain unsure about what the law actually requires. The regulation is long, confusing, and in many areas, vague. Plus, there’s immediate tension between GDPR requirements and marketing principles. A marketer’s goal is to gain identification information, while GDPR’s goal is to limit identification information to what's strictly necessary. Let’s take a look at how Unbounce,…

SOC 2 Academy: Integration with the COSO Framework

by Joseph Kirkpatrick / December 16, 2022

The Five Components of Internal Control: CRIME

The COSO Internal Control — Integrated Framework is one of the most common models used to design, implement, maintain, and evaluate internal controls and is split into five components: control environment, risk assessment, information and communication, monitoring activities, and existing control activities. A common way to remember these five components that are used to evaluate the effectiveness of internal controls is the acronym…