SOC 2 Academy: What’s New with SOC 2?

by Joseph Kirkpatrick / December 16, 2022

New Elements of SOC 2 In April 2017, the AICPA issued several updates to SOC 2 reporting. The most noticeable change is the revision from “Trust Services Principles and Criteria” to “Trust Services Criteria.” Other updates include points of focus, supplemental criteria, and the inclusion of the 17 principles from the 2013 COSO Internal Control Framework. Let’s take a look at how these principles will be used in a SOC…

SOC 1 Compliance Checklist: Are You Prepared for a SOC 1 Audit?

by Sarah Harvey / April 12, 2023

What is a SOC 1 Audit? The SOC 1 audit is based on an attestation standard developed by the American Institute of Certified Public Accountants (AICPA) to be used in the auditing of third-party service organizations, whose services are relevant to their clients’ impact over financial reporting. A SOC 1 Type I report is an attestation of controls at a service organization at a specific point in time. It reports on…

4 Reasons to Pursue a SOC for Cybersecurity Report

by Sarah Harvey / January 25, 2023

What is SOC for Cybersecurity? Reputational damage, disruption of business operations, fines, litigation, and loss of business can all be consequences of a cybersecurity attack. Because of these consequences and the vast threat landscape, the AICPA saw a need in the industry that it could fill: a general use report that describes an organization’s cybersecurity risk management program and verifies the effectiveness of its controls. Thus, SOC for Cybersecurity was…

Horror Stories – Magecart’s Malicious Skimming Campaign

by Sarah Harvey / June 14, 2023

In September, British Airways announced that 380,000 transactions were compromised during a breach that took place between August 21 and September 5. Fortunately, no travel or passport details were compromised, but payment information was obtained through digital skimming of the airline’s website and app. The UK’s National Crime Agency, National Cybersecurity Centre, and Information Commissioner’s Office are investigating this incident. This breach is being linked to Magecart, a threat group that…

5 Ways Business Associates and Covered Entities Can Prepare for HIPAA Compliance

by Sarah Harvey / December 21, 2023

In an industry that is based on customer trust, the healthcare industry must take the appropriate measures to ensure HIPAA compliance. The integrity of the industry relies on keeping Protected Health Information (PHI) just that: protected. HIPAA non-compliance means more than just organizational, financial, and reputational implications for healthcare organizations; it could be life-threatening to patients. And with more and more healthcare security breaches being reported to the HHS, it’s…