SOC 2 Academy: How to Manage Risks

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.2 (CC3.2) states, “The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.” We’ve discussed the different…

SOC 2 Academy: Using a Risk Assessment

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.1

During a SOC 2 audit, auditors will validate that organizations comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. When an auditor is assessing an organization’s compliance with common criteria 3.1, which states, “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives,” they will want to see that the entity not only conducts…

SOC 2 Academy: What Types of Risks Does Your Organization Face?

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.1

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.1 (CC3.1) states, “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.” Why is common criteria 3.1 so critical for SOC 2 compliance? Let’s discuss.…

SOC 2 Academy: Communicating with External Parties

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 2.3

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.3 says, “The entity communicates with external parties regarding matters affecting the functioning of internal control.” What will an auditor look for when assessing this criterion? What do organizations need to do to comply…

SOC 2 Academy: Communicating with Internal Parties

by Joseph Kirkpatrick / August 23, 2023

Common Criteria 2.2

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” What will an auditor look for when assessing this criterion? What do…