SOC 2 Academy: Detect and Monitor Changes in Your System Configurations

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.1

When an organization undergoes a SOC 2 audit, auditors will look to validate that it complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.1 says, “To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.” What…

SOC 2 Academy: Change Control Processes

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.8

While understanding how to prevent and detect the installation of unauthorized software on your network is important, organizations pursuing SOC 2 compliance should also implement change control processes to mitigate the remaining risk of unauthorized software being installed. When an organization engages in a SOC 2 audit, an auditor will verify whether it complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria.…

SOC 2 Academy: Preventing and Detecting Unauthorized Software

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.8

During a SOC 2 audit, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that the auditor will assess the organization’s compliance with common criteria 6.8. Common criteria 6.8 says, “The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.” What…

SOC 2 Academy: Access Controls for Remote Employees

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.7

During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that the auditor will assess the organization’s compliance with common criteria 6.7. Common criteria 6.7 says, “The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission,…

SOC 2 Academy: Movement of Data

by Joseph Kirkpatrick / February 3, 2023

Common Criteria 6.7

When a service organization undergoes a SOC 2 audit, auditors will verify whether it complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.7 says, “The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives.” How does understanding the…