Video Archives

SOC 2 Academy: Preparing for Current and Future Availability Needs

by Joseph Kirkpatrick / December 16, 2022

Understanding Availability Criteria 1.1 When an organization pursues SOC 2 compliance, an auditor will verify that they comply with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there’s additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in their audit, they need to comply with the additional criteria…

SOC 2 Academy: Identifying Vendors as Carve-Out or Inclusive

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 9.2 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 9.1 says, “The entity assesses and manages risks associated with vendors and business partners.” How can organizations be sure that they’re complying with this criterion? Let’s discuss the difference between identifying your vendor as carve-out or inclusive…

SOC 2 Academy: Managing Vendor Risk

by Sarah Harvey / December 16, 2022

Common Criteria 9.2 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 9.2 says, “The entity assesses and manages risks associated with vendors and business partners.” How can organizations be sure that they’re complying with this criterion? Let’s take a look at key ways organizations can manage vendor risk.…

SOC 2 Academy: Mitigating Risks that Lead to Business Disruptions

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 9.1 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 9.1 says, “The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.” How can organizations be sure that they’re complying with this criterion?…

SOC 2 Academy: Change Management Best Practices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 8.1 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 8.1 says, “The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.” How can organizations be sure that they’re complying with this criterion?…

Blog

Video

SOC 2 Academy: Preparing for Current and Future Availability Needs

SOC 2 Academy: Identifying Vendors as Carve-Out or Inclusive

SOC 2 Academy: Managing Vendor Risk

SOC 2 Academy: Mitigating Risks that Lead to Business Disruptions

SOC 2 Academy: Change Management Best Practices

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.