Fred Maldonado (Director | CISA, CISSP)

Fred is an accomplished Information Technology consulting professional with 12+ years of experience in cyber security compliance audits. Fred is currently responsible for managing SOC 1 and SOC 2 engagements across the United States for mostly SaaS companies. He started his career at Deloitte in their Enterprise Risk Services practice. Fred has served as a board member for his local ISACA chapter and holds current CISA and CISSP certifications.

ALL ARTICLES BY Fred Maldonado:
IT governance (GEIT) and SOC 2

IT Governance (GEIT) & SOC 2: Navigating Today’s Complex Risk Landscape

In a world where digital risk, regulatory expectations, and emerging technologies are accelerating, strong IT Governance remains foundational. SOC 2 compliance continues to be a key mechanism for service organizations to show they have strong controls. Understanding how IT governance and SOC 2 align, and where recent changes affect that alignment, is more critical than […]

Risk Matrix 101

When, How, & Why To Use A Risk Matrix

All SOC 2 examinations must include security common criteria. This includes reviewing a company’s (i.e., entity’s) risk assessment process (risks identified, risk matrix, controls in place to address the risks, etc.). However, one of the challenges that the AICPA has found when it comes to doing risk assessments is that companies are unclear on what […]

PII vs PHI vs PCI: Key Differences and Compliance Strategies

PII, PHI, PCI: Understanding the Differences for Compliance

Personally Identifiable Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all categories of information that require heightened controls to protect the individuals they describe from exploitation. In 2024, several high-profile data breaches exposed sensitive information, highlighting the ongoing struggle to protect PII, PCI, and PHI. In March, AT&T was breached, compromising data from 7.6 […]