Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
Tag: Service Organization
Which SOC Report is Right for your Organization?
Recently, we have noticed that clients of service organizations are asking for a “SOC” report in general, and not necessarily specifying which type of report they are looking for [i.e., SOC 1 (f. SSAE 16), SOC 2, or SOC 3].
SOC Reporting History and Fundamentals
The ever-growing emphasis on governance, risk management, and compliance has driven companies to focus on internal controls over all aspects of their operations.
Use of SOC Logos and Seals
SOC logos are available for use by service organizations that have undergone a SOC 1 (formerly SSAE 16), SOC 2, or SOC 3 engagement within the prior 12 months.
CSA Cloud Controls Matrix
The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.
So Many Terms…What Do They All Mean?
It is easy to feel overwhelmed by all of the terminology surrounding an audit. Here is a list of frequently used terms and their meanings:
Top 5 Reasons to Get an SSAE 16 (f. SAS 70) Report
So, you have a current customer or client asking whether you have completed an SSAE 16 examination. Now you may have some basic questions such as the following: What is an SSAE 16 audit report? A Type II SSAE 16 report is an independent report on the design and operating effectiveness of key controls at […]