What is the Difference between SOC 2 Type I and SOC 2 Type II?

If your clients or prospects have requested a SOC 2 report, obtaining a SOC 2 report typically follows a three step process. Step 1: Readiness Assessment A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC[…]

Simple Guide to SOC for Cybersecurity (Whitepaper)

In April 2017 the AICPA released the SOC for Cybersecurity examination. The report’s goal is to provide Companies a report type that is more appropriate for general distribution and that also provides report readers visibility into the Company’s cybersecurity risk management program. This whitepaper provides an overview of SOC for Cybersecurity and clarifies the distinctions[…]

What is the difference between SOC 2 and SOC for Cybersecurity?

Overview of the SOC for Cybersecurity In 2017 the AICPA published guidance on a new cyber security risk management examination, System and Organization Controls for Cyber Security (SOC for Cybersecurity).  This SOC for Cybersecurity examination was created to address the growing need for reporting and attestation over an organization’s cyber security posture. The SOC for[…]

How to Choose a SOC 2 Audit Firm (with Vendor Scorecard Template)

Selecting the right partner to assist with SOC 2 compliance (or anything else) can be challenging. If you are trying to sort through the marketplace to select a vendor here are a few considerations. You can also download our free vendor selection template here. 1| Experience Assess resumes of the individuals who will be performing[…]

What SOC 2 Updates to COSO 2013 Mean for You (Whitepaper)

Beginning December 15, 2018, (with optional adoption beginning April 2017) all SOC 2 reports will be required to utilize the updated Trust Services Criteria. The updated trust services criteria are an update to align with the seventeen COSO 2013 framework principles. If you would like to download the complete whitepaper please send us a note.[…]

How to Read a SOC Report (with Presentation)

Virtually all businesses rely on third party service providers. These third parties may range from common offerings like payroll and payment processing providers to specialized SaaS applications and solutions, or may even be leveraged to replace entire divisions of a business (e.g. technical support or IT security). To gain confidence in, and an understanding of[…]