Remote Auditing vs. Onsite Assessments: What Do I Want?

by Sarah Harvey / June 14, 2023

There’s a lot to consider when choosing an audit partner. What does their audit process look like? What kind of services do they offer? How will they help you reach your audit objectives? How much do they charge? Will they perform a remote audit or an onsite assessment? While these are all valid concerns, organizations also have to consider their own intentions behind pursuing compliance: is it required to partner…

Are Your Remote Employees Working Securely?

by Sarah Harvey / June 15, 2023

Employees are often considered an organization’s weakest link, but remote employees create additional risks that businesses must be cognizant of. As more and more businesses opt to hire remote employees, they need to prepare for and stay ahead of these risks. What would happen if a remote employee used public WiFi and a malicious hacker gained access to your organization’s sensitive files? What would be the impact if your remote…

SOC 2 Academy: Protection Through Logical Access

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.1: When a service organization undergoes a SOC 2 audit, an auditor will look to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.1 says, “The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.” What will an auditor look for when assessing…

SOC 2 Academy: Expectations of Policies and Procedures

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.3: Like with many other frameworks, including PCI DSS and HIPAA, policies and procedures are an integral component of achieving SOC 2 compliance. Why? Because during a SOC 2 audit, an auditor will assess an organization’s compliance with the 2017 SOC 2 Trust Services Criteria. As part of that, an auditor will verify whether or not an organization complies with common criteria 5.3, which says, “The entity deploys…

SOC 2 Academy: Designing Processes for Your Technology

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.2: During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 5.2. Common criteria 5.2 says, “The entity also selects and develops general control activities over technology to support the achievement of objectives.” This means that organizations need to…