The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSP) that seek to provide services to the federal government. The FedRAMP process involves five primary entities but depending on the path a CSP takes to achieve an […]
In 2013, the Committee of Sponsoring Organizations of the Treadway Commission, better known as COSO, enhanced their internal control framework that has been widely adopted globally by a large number of organizations. This internal control framework is made up of five COSO components and 17 COSO principles that is used by many organizations to comply […]
What are SOC services in relation to service organization control audits? SOC services, in this context, refers to System and Organization Controls (SOC) and the suite of services CPA firms provide for auditing these controls at a service organization. These audits are referred to as SOC audits. There are several different kinds of SOC audits […]
There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.
Over the last decade, blockchain security and how it affects cybersecurity has become a hot topic among the information technology and financial circuits. But as with all technology, one must ask how safe it is to use. The most common form of blockchain implementation is known as Bitcoin. Bitcoin has since become one of many […]
You have poured your blood, sweat, and tears in to your startup and it is about to pay off. You are close to finalizing a deal with a new, large customer. You have worked long and hard to connect with them and demonstrate the value of your service or system. They are excited. You are […]
A simple FedRAMP definition is that FedRAMP is a government program designed to bring consistent and repeatable processes to security evaluations of cloud service offerings (CSO) for the federal government. The FedRAMP authorization process is designed to leverage a single security assessment for multiple federal agencies that would like to use the CSO. FedRAMP is […]
Imagine that your system is under attack and your customers are unable to access your system because of this disruption in service. What do you do next and how do you respond? This is where incident management comes into play. An effective incident management process and incident response plan help return your system to normal […]
Has one or more of your customers requested that you undergo a SOC 2 audit? If so you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? The answers are not as straightforward as you may have hoped as no SOC 2 report is the same. […]
There are five Trust Service Principles (TSPs) that can be included in the scope of a SOC 2 examination.