By:
Nate Kocan
December 17th, 2024
When committing to a SOC 2 examination—or any compliance initiative—one of the first questions that gets asked regards the necessary budget and time commitments. While this will vary among different organizations—depending on a few different factors—there’s also variance in the effort required to both prepare for that first examination and that spent on the ones in the following years.
By:
TERRY O'BRIEN
November 19th, 2024
When planning for a SOC examination, there are several decisions that the service organization undergoing the evaluation must make in order to ensure their needs—as well as those of their customers—are met, be it deciding which vendors are subservice organizations, treatment of subservice organizations (carve-out vs. inclusive), or which type of report you need. Another key decision you must make is determining your SOC reporting period, and there are a few factors to consider before you do so.
ISO Certifications | SOC Examinations | Artificial Intelligence
By:
DANNY MANIMBO
November 4th, 2024
For anyone immersed in digital technology, you know that artificial intelligence (AI) is all the rage right now, and for good reason, the use cases for this technology are growing all the time. But as AI continues to enmesh with daily life as well as business, security concerns have grown in parallel, as have questions regarding the implications on organizations and their ongoing compliance efforts. At the top of mind for many has been how AI factors into SOC 2 examinations.
ISO Certifications | SOC Examinations | SOC 2 | ISO 27001
By:
KRISTEN WILBUR
September 10th, 2024
As they’re now two of the most popular compliance initiatives in the world, many organizations often choose to pursue either SOC 2 or ISO 27001, and others are tackling both. In fact, there are strategic benefits to be gained in undergoing both a SOC 2 examination and achieving ISO 27001 certification, especially as you can do both at the same time.
By:
COLLIN VARNER
July 16th, 2024
Ugh, it’s happened—during your SOC examination, your service auditor identified a deviation from your intended process, and that resulted in a testing exception. Given that your customers (and other stakeholders) are relying on your SOC report for reassurance regarding the effectiveness of your controls, you need to address that deviation—but how?
By:
RYAN MACKIE
June 13th, 2024
As the need for SOC 2 examinations continues to grow domestically as well as internationally, many organizations now either find themselves taking on more and more assessments or trying to appease a client base that requires a SOC 2 examination when the typical product or platform approach may not apply. When these situations crop up, we are seeing more adoption of what’s known as an enterprise services SOC 2 examination.
By:
COLLIN VARNER
January 18th, 2024
When pursuing a SOC 2 examination, a popular first step for many organizations—particularly those just stepping into the world of compliance for the first time—is the SOC 2 readiness assessment. But for those first-timers who don’t know what to expect from such a process, it might help to have a primer.
By:
Adam Russell
October 5th, 2023
Internal Audit (IA) and Governance, Risk, and Compliance (GRC) professionals are often charged with reading SOC reports from service providers to gain an understanding of each vendor’s controls, but many may not know how you can also use these reports to also enhance, mature, and drive their own audit and governance functions.