What is a Risk Assessment? – Learn The 5 Steps to a Risk Assessment

by Joseph Kirkpatrick / March 27th, 2018

What is the Purpose of a Risk Assessment? Most information security frameworks require a formally documented, annual risk assessment. You will see this requirement over and over again in your pursuit of SOC 1, SOC 2, PCI DSS, HIPAA, or HITRUST CSF compliance. But what exactly is a risk assessment and why is it so important to information security frameworks? Let's find out. What is a Risk Assessment? A risk…

Understanding Your SOC 1 Report: The 5 Components of Internal Control

by Joseph Kirkpatrick / March 20th, 2018

 What are the Components of Internal Control (CRIME)? The framework utilized for a SOC 1 audit is known as the COSO Internal Control Framework. It’s one of the most common models used to design, implement, maintain, and evaluate internal control. To have an effective system of internal control, the COSO framework requires that service organizations have the defined components of internal control present, functioning, and supporting business and internal…

Understanding Your SOC 1 Report: The 3 Objectives of COSO

by Joseph Kirkpatrick / March 12th, 2018

What is the COSO Internal Control Framework? The framework utilized for a SOC 1 audit is known as the COSO Internal Control Framework. The COSO framework is one of the most common and important models used to design, implement, maintain, and evaluate internal control. It’s regarded as the definitive model against which organizations determine the effectiveness of their internal control. The COSO framework was established in 1992, but updated in…

Understanding Your SOC 1 Report: What is a SOC 1 Report?

by Joseph Kirkpatrick / February 7th, 2018

What is a SOC 1 Report? Has a prospect recently asked if your organization has a SOC 1 report? Has a top client requested that you begin completing annual SOC 1 audits? Meanwhile, you're just wondering, what is a SOC 1 report? Does your service organization affect user organization’s financial reporting? A SOC 1 would apply to you. SOC 1 engagements are based on the SSAE 18 standard developed by…

Understanding Your SOC 1 Report: How Does Sampling Work?

by Joseph Kirkpatrick / January 31st, 2018

Sampling During a SOC 1 Audit When an auditor performs a test of control during a SOC 1 audit, it may be appropriate to apply sampling. Sampling is applying audit procedures to less than 100% of a population. The types of populations that could need to be tested include new hire training forms, employee acknowledgements of policies and procedures, antivirus reports, or access control logs. The PCAOB states that sampling…