Imagine that your system is under attack and your customers are unable to access your system because of this disruption in service. What do you do next and how do you respond? This is where incident management comes into play. An effective incident management process and incident response plan help return your system to normal […]
Has one or more of your customers requested that you undergo a SOC 2 audit? If so you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? The answers are not as straightforward as you may have hoped as no SOC 2 report is the same. […]
There are five Trust Service Principles (TSPs) that can be included in the scope of a SOC 2 examination.
As the requirement to receive SOC 1 or SOC 2 reports as part of a contract, request for proposal (RFP), or security program increases as a barrier to receiving major clients, it’s important to understand who can perform these audits. This post will identify a number of questions to answer who exactly can perform SOC […]
If you are reading this article, chances are that your auditor has told you that you have an audit exception or, even worse, multiple “audit exceptions.” Hearing that phrase strikes fear and panic into the hearts of many. While some of those reactions may be justified, I have found that many suffer more than necessary […]
In this article, we will cover some common questions that come up related to SOC 2 reports. SOC 2 compliance does not have to be difficult although with some of the terminology, it can initially be confusing. So what are SOC 2 reports and examinations? Let’s dive in! What is SOC 2 Certification or Attestation? […]
With the rise of cloud computing, there has been an increased emphasis within the government to transition to commercial cloud services. In fact, it is actually mandated within the government to move to cloud-based services if they are available to meet the mission need of the federal agency. This is all in an effort to […]
What is Change Control? Change control is a standardized process by which all changes are introduced into a production environment in a controlled and repeatable manner that ensures only authorized changes are being deployed. For service organizations, the change control process is considered an IT general control and the service organization’s change management controls will […]
In completing SOC 1 and SOC 2 examinations (and most other types of audits), there is testing involved to determine the operating effectiveness of controls. There are different types of tests that can be applied to testing controls (for more information on the five types of tests refer to our article, Five Types of Testing Methods […]
How bad is a qualified report? This question comes up almost every time a qualified report is issued to a service organization.