SOC 2 Academy: What Types of Risks Does Your Organization Face?

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.1 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.1 (CC3.1) states, “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.” Why is common criteria 3.1 so critical for SOC 2 compliance? Let’s discuss.…

Was the Audit Worth It?

by Sarah Harvey / June 14, 2023

Information security audits strengthen business operations, yet many organizations are fearful of the process. We understand organizations’ hesitance to spend the time, money, and resources on information security – but the threats are only going to get more pervasive and more sophisticated. When a company chooses to invest in information security, it’s evidence of their commitment to providing assurance to clients, prospects, regulators, and business partners. But before they choose…

Was the Gap Analysis Worth It?

by Sarah Harvey / June 14, 2023

What is a Gap Analysis? When an organization pursues an audit for the first time, we strongly recommend starting with a gap analysis. Why? The truth is: we don’t want you to fail the audit. We want to help you prepare for the audit so that you can meet your challenging compliance goals, and we want to educate you on what you’re getting into when you pursue an information security…

SOC 2 Academy: Communicating with External Parties

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 2.3 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.3 says, “The entity communicates with external parties regarding matters affecting the functioning of internal control.” What will an auditor look for when assessing this criterion? What do organizations need to do to comply…

SOC 2 Academy: Communicating with Internal Parties

by Joseph Kirkpatrick / August 23, 2023

Common Criteria 2.2 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 2.2 says, “The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.” What will an auditor look for when assessing this criterion? What do…