SOC 2 Academy: Designing Processes for Your Technology

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.2 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 5.2. Common criteria 5.2 says, “The entity also selects and develops general control activities over technology to support the achievement of objectives." This means that organizations need to…

SOC 2 Academy: Implementing Internal Controls

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.1 When an organization undergoes a SOC 2 audit, auditors need to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 5.1 says, “The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.” What will an auditor look for when assessing this criterion? What do organizations…

SOC 2 Academy: Internal Control Deficiencies

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 4.2 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 4.2 says, “The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.” What will…

SOC 2 Academy: Who is Monitoring Internal Controls?

by Joseph Kirkpatrick / December 16, 2022

Establishing methods of effective monitoring is a critical component of SOC 2 compliance. During a SOC 2 audit, an auditor will not only assess whether or not an organization is effectively monitoring their internal controls but also whether or not the proper person is monitoring those internal controls. Why is that? It comes down to the need for checks and balances, so let’s discuss. Monitoring Internal Controls When deciding who…

SOC 2 Academy: Evaluations of Internal Control

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 4.1 When a service organization undergoes a SOC 2 audit, auditors will look to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 4.1 (CC4.1) states, “The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.” Why is it so important that organizations effectively perform evaluations…