GDPR Readiness: What, Why, and Who

by Sarah Harvey / July 12, 2023

What is GDPR? The European Union’s General Data Protection Regulation (GDPR) is not just one of many other data protection frameworks or requirements. GDPR is the top regulatory focus of 2018, even among US companies, and is considered to be one of the most significant information security and privacy laws of our time. The applicability of the law follows the data, rather than following a person or location. The scope…

Understanding Your SOC 1 Report: Auditor’s Test of Controls

by Joseph Kirkpatrick / December 20, 2022

The Auditor's Test of Controls: Review, Observe, and Interview
At the end of a SOC 1 Type II report, you’ll find a section titled, “Information Provided by the Independent Service Auditor.” Within this section, you will find “Auditor’s Test of Controls,” which is a description of the controls that were tested during the audit, procedures used for testing these controls, and the results of the testing. The test of controls…

Are You Ready for GDPR Compliance?

by Sarah Harvey / December 20, 2022

Have you been hearing about the General Data Protection Regulation? Do you collect, use, or process personal data of subjects in the European Union? What is GDPR? Who must comply? How can you prepare? Should you complete a GDPR assessment? With the repercussions of data breaches hitting the headlines more often every day, it’s important to understand how this privacy legislation is going to affect your business and to ask…

Understanding Your SOC 1 Report: Audit Risk, Control Risk, and Detection Risk

by Joseph Kirkpatrick / December 20, 2022

Driven by Risk
An information security audit is largely driven by risk. We know that your clients rely upon our opinion; we don’t take that lightly. We will do everything possible to gain reasonable assurance that controls are in place and operating effectively. This is why audit risk, control risk, and detection risk are so important to us. These elements of risk overlap and work together, but they also drive…

Understanding Your SOC 1 Report: Determining your Audit Period

by Joseph Kirkpatrick / December 20, 2022

Operating Effectively Over a Period of Time
When considering pursuing a SOC 1 Type II report, there’s a new element to consider: determining your audit period. It’s important to remember that a SOC 1 Type I and a SOC 1 Type II both report on the controls and processes at a service organization that may impact their user entities’ internal control over financial reporting. However, unlike a Type I report,…