We have been working with companies to go from zero to compliant with something for over ten years now. That something has included SOC 1, SOC 2, HIPAA, FedRAMP, ISO, PCI and a bunch of other sets of requirements that get a bit esoteric to include at risk of making your eyes glaze over from […]
What is the Hardest Part of Passing Your First Audit? Read More »
What is SOC 2 Availability Criteria? The Availability Criteria is one of the five Trust Services Criteria defined by the AICPA. It is an incremental criteria to the Common Criteria (also known as the Security Criteria), so you can’t do this one on its own – it’s one for extra credit. The availability criteria focuses
SOC 2 Availability Criteria Read More »
What is SOC 2 Risk Mitigation (CC9)? Risk mitigation is an incredibly important aspect of managing your organization’s security. While being able to respond to security incidents is essential, the best way to safeguard your organization is to reduce the likelihood of problems occurring in the first place. Your risk mitigation plan needs to be
SOC 2 CC9: Common Criteria related to Risk Mitigation Read More »
What is SOC 2 Change Management (CC8)? Organizations are responsible for making necessary changes to protect, enforce, and improve its systems. Although being able to make changes and adapt to new situations is essential, it is important to have a plan in place for how to best go about implementing these critical actions. Managing changes
SOC 2 CC8: Common Criteria related to Change Management Read More »
What is SOC 2 System Operations (CC7)? Organizations are responsible for managing the operation of their systems, which means they need to continuously work to detect, prevent, and address any security issues that may impact their business. Staying on top of monitoring security protocols, preventing and responding to security incidents, and having a plan of
SOC 2 CC7: Common Criteria related to System Operations Read More »
What is SOC 2 Logical and Physical Access (CC6)? Organizations are responsible for controlling logical and physical access to their protected information by using appropriate security software,infrastructure, and architectures. Implementing and maintaining these necessary controls will protect your company’s valuable data and prevent unwanted security events. It will also help you meet the requirements outlined
SOC 2 CC6: Common Criteria related to Logical and Physical Access Read More »
What Is the SOC 2 Control Environment (CC1)? Out of the Common Criteria, the Control Environment (also known as CC1), addresses several entity level controls that are expected to be in place across the Company. Much like the Common Criteria 2 through 5, CC1 is based upon COSO and borrows from its requirements to use
SOC 2 CC1: Common Criteria related to the Control Environment Read More »
Have you ever been asked by a client for a bridge letter? Have you received one from a vendor, and you’re curious as to what it means? Is it an official document, or can anyone write and issue one? Read on to find out! What is a Bridge Letter? A bridge letter, also known as
Bridge Letter: Things You Should Know Read More »
The most common reason for a company to have a SOC report is because their customers ask for (or demand) the report to be able to either do business or continue doing business with the company. When someone calls us for the first time, we will first gain an understanding about why they feel like
Do I Really Need a SOC 1 or 2 Report? Read More »
Type 1 or Type 2? One of the many confusing things about getting a SOC audit for your business is deciding which would best help you meet your customers’ needs. Due to confusing naming conventions, you get to pick from a confusing number of options with the most popular being: “SOC 1 Type 1”, “SOC 1 Type
How to select a Type 1 or Type 2 SOC Report Read More »
