Fred is an accomplished Information Technology consulting professional with 12+ years of experience in cyber security compliance audits. Fred is currently responsible for managing SOC 1 and SOC 2 engagements across the United States for mostly SaaS companies. He started his career at Deloitte in their Enterprise Risk Services practice. Fred has served as a board member for his local ISACA chapter and holds current CISA and CISSP certifications.
All SOC 2 examinations must include security common criteria. This includes reviewing a company’s (i.e., entity’s) risk assessment process (risks identified, risk matrix, controls in place to address the risks, etc.). However, one of the challenges that the AICPA has found when it comes to doing risk assessments is that companies are unclear on what […]
Personal Identifying Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all information requiring heightened controls to protect the owning person from exploitation. In 2024, several high-profile data breaches exposed sensitive information, highlighting the ongoing struggle to protect PII, PCI, and PHI. In March, AT&T was breached, compromising data from 7.6 […]
