SOC 2 Videos
How can you prove you’re not an at-risk vendor? How can you give your clients the assurance they need that you’re protecting their critical assets? SOC 2 audits help to address third-party risk concerns by evaluating internal controls, policies, and procedures that directly relate to the security of a system at a service organization. KirkpatrickPrice’s free video series on SOC 2 Reports covers everything from determining who should have a SOC 2 audit performed, to selecting appropriate Trust Services Principles, to understanding the SOC 2 audit process itself.
SOC 2 Report Criteria and FAQs
By Joseph Kirkpatrick, in SOC 2, Video
When a client pursues a SOC 2 audit for the first time, they normally ask: What are the requirements of a SOC 2 audit? How are we going to be judged? What can I do to prepare? KirkpatrickPrice strives to be your audit partner and will work with your organization to answer each of these SOC 2 FAQs. Let’s review a key exercise to perform when preparing for a SOC 2 audit.
What Will Be in My SOC 2 Report?
By Maggie Austin, in SOC 2, Video
You’ve partnered with a third party, you’ve properly scoped your environment, you’ve conducted a SOC 2 gap analysis, you’ve remedied any non-compliant findings, you’ve worked with your auditor, you’ve completed your SOC 2 audit, and now you’re finally receiving your SOC 2 report. Congratulations! So, what’s actually included in a SOC 2 report?
What is the Purpose of the SOC 2 Privacy Principle?
By Sarah Harvey, in SOC 2, Video
Once you’ve determined you are ready to pursue a SOC 2 audit report, the first thing you have to decide is which of the five Trust Services Criteria you want to include in your SOC 2 audit report. Typically, service organizations that are concerned about the Privacy Principle are collecting, using, retaining, disclosing, and/or disposing of personal information to deliver their services.
What’s the Difference Between SOC 2 Type I and SOC 2 Type II?
By Joseph Kirkpatrick, in SOC 2, Video
A SOC 2 audit report provides user entities with reasonable assurance and the peace of mind that the controls at a service organization are suitably designed, in place, and appropriately protecting client data. There are two types of SOC 2 audit reports: SOC 2 Type I and SOC 2 Type II. Do you need a SOC 2 Type I or a SOC 2 Type II? What’s the difference? Which one makes the most sense for your organization?
What Is The SOC 2 Security Principle?
By Sarah Harvey, in SOC 2, Video
The SOC 2 Security Principle is a must and should be included in any non-privacy SOC 2 engagement. The Security Principle common criteria eliminate the overlap between each of the Trust Services Principles and must be reviewed by every organization before being audited against the SOC 2 Security Principle. Read more to find out how your organization should be applying the SOC 2 security common criteria.
Selecting SOC 2 Trust Service Principles
By Sarah Harvey, in SOC 2, Video
Once you’ve determined you are ready to pursue a SOC 2 audit report, the first thing you have to decide is which of the five Trust Services Principles you want to include in your SOC 2 audit report. SOC 2 reports can address one or more of the following principles: Security, Confidentiality, Availability, Processing Integrity, or Privacy. Becoming familiar with these principles should be the first step in determining the scope of your SOC 2 audit and deciding which of these principles apply to the services your organization provides.
Why am I Being Asked about SOC 2 Compliance?
By Sarah Harvey, in SOC 2, Video
If you’re being asked about SOC 2 compliance for the first time, you may be wondering why. It’s becoming increasingly common for organizations to request that their vendors become SOC 2 compliant so they can ensure that the companies they are working with are appropriately protecting their sensitive information. Perhaps you’re a vendor of a […]
The History of SOC 2 Reports
By Sarah Harvey, in SOC 2, Video
In order to understand the purpose of a Service Organization Control (SOC) 2 Report, it’s important to understand the background and history of how the SOC 2 came into existence as a way for service organizations to manage the risks associated with outsourcing services.