IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. The specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

What is a Security Operations Center (SOC) & Why Should You Invest in One?

In our increasingly digital world, cybersecurity is critical to ensuring the security, availability, and confidentiality of customer data. Recent events around the world, such as the ransomware attack that forced the shutdown of the nation’s biggest fuel pipeline in May 2021, should be sufficient cause for all businesses to make cybersecurity their top priority. […]

SOC 2 Software Tools: How They Affect the SOC Audit Process

Over the last several years there has been growth in the market for SOC 2 software tools, also known as SOC 2 compliance monitoring tools (the two terms are used interchangeably throughout this article). These tools provide functionality and support designed to help a service organization attain SOC 2 compliance. […]

Are You Asking for a SOC Report? Do You Need One? When It’s Required

We often meet with executives of small and medium-sized companies who are debating whether or not they need a System and Organization Controls (SOC) report. The decision comes down to one simple question: “Are your customers asking for a SOC report?” If they are, you will need to get one or be prepared to lose […]

Types of Penetration Tests: A Look at Different Pentest Techniques & Tools

We have written a few blogs on penetration testing. These blogs cover the steps or phases of a properly conducted penetration test, how penetration tests relate to satisfying SOC 2 requirements, how penetration testing compares to vulnerability assessments, and more. Feel free to check out these related blogs: External Penetration Testing […]

IT Change Management for Service Organizations: Process, Risks, Controls, Audits

What is IT Change Management? IT change management is a standardized end-to-end process that enables changes, including application, infrastructure, and configuration changes, to be deployed to a production IT environment in a controlled and consistently repeatable manner. IT change management provides the mechanism or workflow that ensures only authorized changes are made to production. […]
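The control described above, as an added example that is not part of the original post or of any Linford & Company tooling: a pre-deployment gate that refuses to release a build into production unless the change record shows the change was approved, tested, and signed off by someone other than its author, and unless the artifact being deployed is the exact build that was reviewed. The change-record fields, the sample records and the sample artifact bytes are all constructed for this illustration and do not follow any particular ticketing system's schema.

```python
"""Pre-deployment change-management gate (illustrative example, not the
blog's own code). Field names and sample data are assumptions."""

import hashlib
from dataclasses import dataclass


@dataclass
class ChangeRecord:
    change_id: str
    author: str
    approvers: list            # people who signed off on the change
    tested: bool               # test evidence attached to the record
    approved_artifact_sha256: str  # hash of the build the approvers reviewed
    status: str = "approved"   # assumed states: "draft", "approved", "rejected"


def gate_deploy(record, artifact_bytes, required_approvals=1):
    """Return (allowed, reasons). Every failed check is listed so both the
    deployer and an auditor can see why a release was blocked."""
    reasons = []

    # 1. The change must have gone through the approval workflow.
    if record.status != "approved":
        reasons.append(f"change {record.change_id} is '{record.status}', not approved")

    # 2. Evidence of testing must exist before production.
    if not record.tested:
        reasons.append("no test evidence recorded")

    # 3. Segregation of duties: the author may not approve their own change.
    independent = [a for a in record.approvers if a != record.author]
    if len(independent) < required_approvals:
        reasons.append(
            f"needs {required_approvals} approval(s) from someone other than {record.author}"
        )

    # 4. The artifact actually being deployed must be the reviewed build,
    #    so nothing can be swapped in after approval.
    actual = hashlib.sha256(artifact_bytes).hexdigest()
    if actual != record.approved_artifact_sha256:
        reasons.append("artifact hash does not match the approved build")

    return (not reasons, reasons)


# Constructed sample data: a fake build artifact and two change records.
ARTIFACT = b"example-app build 1.2.3 (constructed sample bytes)"
ARTIFACT_HASH = hashlib.sha256(ARTIFACT).hexdigest()

GOOD = ChangeRecord(
    change_id="CHG-1001", author="alice", approvers=["bob"],
    tested=True, approved_artifact_sha256=ARTIFACT_HASH,
)

# Same change, but the author approved it herself and skipped testing.
SELF_APPROVED = ChangeRecord(
    change_id="CHG-1002", author="alice", approvers=["alice"],
    tested=False, approved_artifact_sha256=ARTIFACT_HASH,
)


def demo():
    """Run the gate over the sample records and return the outcomes."""
    return {
        "good": gate_deploy(GOOD, ARTIFACT),
        "self_approved": gate_deploy(SELF_APPROVED, ARTIFACT),
        "tampered": gate_deploy(GOOD, ARTIFACT + b" tampered"),
    }


if __name__ == "__main__":
    for name, (allowed, reasons) in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'BLOCK'} {reasons}")
```

The hash check is the part most often missing from change-management tooling: approvals attached to a ticket say nothing about what was actually pushed, so the gate binds the approval to the reviewed build rather than to a version string.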

Risks of Blockchain on Service Organization Control (SOC) Assessments

Blockchain technology is changing the way businesses around the world operate and provide services. Blockchain is currently best known for its association with cryptocurrencies, most notably Bitcoin. The use of blockchain extends beyond cryptocurrencies as use cases flourish and major companies invest in blockchain technology. With new integrations and solutions in development, blockchain will disrupt […]

What is Section 5 of the SOC 2? The Unaudited Section of a SOC Report

Section 5, the unaudited section of the SOC 2 report, can vary significantly between reports. It may contain extensive detail about the service organization, or it may contain only management’s response to a deficiency. So what can go in this section? There are various topics that can be included that can be […]

Client Acceptance: Procedures and Auditor Considerations for Approval

Service organization management and the service auditor each have specific responsibilities in a SOC 2 examination. This blog describes the service auditor’s responsibilities, including the preconditions of engagement acceptance and the importance of understanding the terms of the engagement with management. If you are a service organization looking for a new service auditor, client acceptance […]

Audit Risk 101: An Auditor’s Guide to Understanding Audit Risk

Of all the day-to-day priorities and to-do’s, worrying about audit risk probably has not risen to the top of your list. Should it? Maybe “out of sight, out of mind” is a better approach? It seems like a boring thing to think about, and you probably have more pressing matters on your mind. While this […]

SOC Incident Reporting: What are SOC 2 Security Reporting Requirements?

Over the last year, the world saw a number of major security breaches in the news. Some notable ones include the SolarWinds attack, the Colonial Pipeline hack, and the JBS U.S. beef plant attack. Unfortunately, attacks are nothing new. Other major attacks over the years have included the Equifax data breach, the Uber data breach, and the WannaCry cyber […]