What is IT Change Management? IT change management is a standardized end-to-end process that enables changes, including application, infrastructure, and configuration changes, to be deployed to a production IT environment in a controlled and consistently repeatable manner. IT change management provides the mechanism or workflow that makes sure only authorized changes are made to production. […]

Blockchain technology is changing the way businesses around the world operate and provide services. Blockchain is currently most known for its association with cryptocurrencies, most notably, Bitcoin. The use of blockchain extends beyond cryptocurrencies as use cases flourish and major companies invest in blockchain technology. With new integrations and solutions in development, blockchain will disrupt […]

Section 5, the unaudited section, of the SOC 2 report can vary significantly between reports. It may contain a lot of details about the service organization or it may only contain a response from management for a deficiency. So what can go in this section? There are various topics that can be included that can be […]

Service organization management and the service auditor each have specific responsibilities in a SOC 2 examination. This blog describes the service auditor’s responsibilities, including the preconditions of engagement acceptance and the importance of understanding the terms of the engagement with management. If you are a service organization looking for a new service auditor, client acceptance […]

Over the last year, the world saw a number of major security breaches in the news. Some notable ones include the SolarWinds attack, Colonial Pipeline Hack, and JBS U.S. Beef plant attack. Unfortunately, attacks are nothing new. Other major attacks over the years have included the Equifax data breach, Uber data breach, and WannaCry cyber […]

In today’s world, great importance and attention are placed on personal privacy and, importantly, privacy over an individual’s personal information and data. The highly electronically connected world and easy availability of information on the internet and through information sharing between organizations raise the concern as to how individuals’ personal information and data are protected. There […]

Service organizations often ask our firm if they have to give out their SOC 1 (formerly SSAE 16) or SOC 2 report to user organizations or prospective user organizations

Ever wonder what an auditor means when they say they’d like to get to know your entity and its control environment? Through this blog, we walk through why this topic is important to an auditor, what the procedures are to understand the entity and its environment, and how this information is used in compiling a […]

When preparing for a SOC report (SOC 1 or SOC 2) examination, when the inclusive method is decided upon to represent the subservice providers, there are impacts to the report that a service provider and service auditor must be aware of. There are multiple changes that are required to be made to the standard AICPA […]

What is inherent risk and control risk and how do they relate to a SOC 2 audit? Inherent risk occurs due to the nature of the service provided and operation of the Company without consideration of any controls in place. Control risk is present as a result of the internal controls in place at the […]