When preparing for a SOC 1 or SOC 2 examination, service organizations, particularly those who elect to report their subservice organizations using the carve-out method, often conclude that anything related to their subservice organizations is out of scope for their own SOC report.  However, that is not the case. This blog will discuss the requirements […]

With the rise of organizations providing artificial intelligence (AI) or machine learning (ML) tools and services, one has to wonder about the risks associated with those services and the security, at the very least, of the data used for and created as a result of the AI and ML services. Data considerations include the makeup […]

Risk has become a popular topic and the questions that come with that is how does one address risk and then continue to monitor those risks. In other words, you have created your risk matrix, but what is next? This article will address those questions by explaining the linkage between risks and controls. The four […]

As technology continues to evolve at an exponential rate, it’s not uncommon to feel overwhelmed or exhausted by the current rate of change. While new technologies are often introduced with the promise of benefits, they also introduce new challenges and risks. In 2023, there will continue to be plenty of focus on big data, edge […]

What is an Internal Audit? The Institute of Internal Auditors (IIA) defines internal audit as the “independent, objective assurance, and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and […]

Healthcare is a complicated topic. When the term is raised, the altruists among us focus on helping their fellow man. But like any endeavor managed by people, there is a business aspect to it. The business of healthcare faces the same problems as other types of businesses. It must operate efficiently, securely, and offer something […]

In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your sensitive private data such as your personally identifiable information (PII) and your electronic protected health information […]

Are you interested in SOC services but unsure what will be asked from you if internal control deficiencies are found? We all know the scary words “qualification” or “misstatement”, but what about the less scary but still important term: deficiency? This is also known as a “finding” or “gap” and a deficiency can also be […]

Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.

Software supply chain attacks increased by 650% during 2021.  In addition, Gartner® predicts that by 2025 “45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.” The need for users to understand supply chain processes and the controls that exist to minimize risks around supply chain activities […]