Video Archives

SOC 2 Academy: Recovering from a Security Incident

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.5 Because security incidents are a matter of when, not if, they occur, it’s a best practice to always analyze what happened and how an organization could have prevented it. That’s why during a SOC 2 audit, an auditor will assess an organization’s compliance with the 2017 Trust Services Criteria, which includes common criteria 7.5. Common criteria 7.5 says, “The entity identifies, develops, and implements activities to recover…

SOC 2 Academy: Testing Your Incident Response Plan

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.4 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.4 says, “The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate.” While we’ve already discussed why it’s important to establish incident response…

SOC 2 Academy: Incident Response Teams

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.4 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.4 says, “The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate.” Let’s take a look at what organizations need to do to…

SOC 2 Academy: Incident Response Best Practices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.3 When an organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.3 says, “The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or…

SOC 2 Academy: Performing Daily Log Reviews

by Joseph Kirkpatrick / February 17, 2023

Common Criteria 7.2 Common criteria 7.2 of the 2017 Trust Services Criteria says, “The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity’s ability to meet its objectives; anomalies are analyzed to determine whether they represent security events.” When an auditor verifies an organization’s compliance with this criterion during a SOC 2 audit, they’ll…

Blog

Video

SOC 2 Academy: Recovering from a Security Incident

SOC 2 Academy: Testing Your Incident Response Plan

SOC 2 Academy: Incident Response Teams

SOC 2 Academy: Incident Response Best Practices

SOC 2 Academy: Performing Daily Log Reviews

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.