Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
Tag: Confidentiality
Which SOC Report is Right for your Organization?
Recently, we have noticed that clients of service organizations are asking for a “SOC” report in general, and not necessarily specifying which type of report they are looking for [i.e., SOC 1 (f. SSAE 16), SOC 2, or SOC 3].
SOC 3 Reports: When do they make sense?
Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.
SOC 2 Common Criteria vs. Old TSPs
On December 15, 2014, the new SOC 2 Common Criteria took effect. What does that mean for your SOC 2 audit?
SOC Reporting History and Fundamentals
The ever-growing emphasis on governance, risk management, and compliance has driven companies to focus on internal controls over all aspects of their operations.
Signs You Should be Receiving a SOC Report/Examination
A SOC (Service Organization Control) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.
Updated Trust Services Principles for SOC 2 Reports
The Trust Services Principles and Criteria (TSP Section 100) has been updated for SOC 2 reports.
Confidentiality vs. Privacy in a SOC 2
In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.