Are Pen Test and Vulnerability Scans Required for a SOC 2 Report?

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report.  Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Point of Focus, intended to align SOC 2 with the 2013 COSO framework.

What is the Difference between SOC 2 Type I and SOC 2 Type II?

If your clients or prospects have requested a SOC 2 report, obtaining a SOC 2 report typically follows a three step process. Step 1: Readiness Assessment A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC[…]

What is the difference between SOC 2 and SOC for Cybersecurity?

Overview of the SOC for Cybersecurity In 2017 the AICPA published guidance on a new cyber security risk management examination, System and Organization Controls for Cyber Security (SOC for Cybersecurity).  This SOC for Cybersecurity examination was created to address the growing need for reporting and attestation over an organization’s cyber security posture. The SOC for[…]

How to Choose a SOC 2 Audit Firm (with Vendor Scorecard Template)

Selecting the right partner to assist with SOC 2 compliance (or anything else) can be challenging. If you are trying to sort through the marketplace to select a vendor here are a few considerations. You can also download our free vendor selection template here. 1| Experience Assess resumes of the individuals who will be performing[…]