Blog

SOC 2 Academy: Assigning Roles and Responsibilities

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.3 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.3. Common criteria 6.3 says, “The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system…

Canada’s New Breach Notification Law: Preparation and Impact

by Sarah Harvey / December 16, 2022

On November 1, 2018, Canada’s Data Privacy Act amended the Personal Information Protection and Electronic Data Act (PIPEDA) to include Breach of Security Safeguards Regulations. Organizations subject to PIPEDA will now have to report breaches that pose a “real risk of significant harm” to affected individuals to the Office of the Privacy Commissioner of Canada (OPC). What does this new regulation mean for organizations and how can they operate in…

Voice-Enabled Devices and Data Privacy: Lessons Learned from Amazon

by Sarah Harvey / December 16, 2022

“Alexa, what’s the weather like in Nashville today?” Amazon’s Alexa, Apple’s Siri, the Google Assistant – the list of voice assistants and voice-enabled devices seems to just keep growing. “Hey Google, could you set an alarm for 8:00 AM tomorrow?” Their basic goal is to make our lives easier, right? Through voice assistants’ language processing abilities, they can complete all types of tasks – stream music, set an alarm, take…

SOC 2 Academy: Registering Internal and External Users

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.2 When a service organization undergoes a SOC 2 audit, auditors will validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.2 says, “Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity. For those users whose access is administered by the…

SOC 2 Academy: How to Perform a Thorough Inventory

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.1 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.1 says, “The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.” While we have discussed many points of focus that organizations…

SOC 2 Academy: Assigning Roles and Responsibilities

Canada’s New Breach Notification Law: Preparation and Impact

Voice-Enabled Devices and Data Privacy: Lessons Learned from Amazon

SOC 2 Academy: Registering Internal and External Users

SOC 2 Academy: How to Perform a Thorough Inventory

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.

BLOG

SOC 2 Academy: Assigning Roles and Responsibilities

Canada’s New Breach Notification Law: Preparation and Impact

Voice-Enabled Devices and Data Privacy: Lessons Learned from Amazon

SOC 2 Academy: Registering Internal and External Users

SOC 2 Academy: How to Perform a Thorough Inventory

Categories

Newsletter

Our Cybersecurity Mission