Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
Recently, we have noticed that clients of service organizations are asking for a “SOC” report in general, and not necessarily specifying which type of report they are looking for [i.e., SOC 1 (f. SSAE 16), SOC 2, or SOC 3].
The ever-growing emphasis on governance, risk management, and compliance has driven companies to focus on internal controls over all aspects of their operations.
SOC logos are available for use by service organizations that have undergone a SOC 1 (formerly SSAE 16), SOC 2, or SOC 3 engagement within the prior 12 months.
The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.
It is easy to feel overwhelmed by all of the terminology surrounding an audit. Here is a list of frequently used terms and their meanings:
So, you have a current customer or client asking whether you have completed an SSAE 16 examination. Now you may have some basic questions such as the following: What is an SSAE 16 audit report? A Type II SSAE 16 report is an independent report on the design and operating effectiveness of key controls at […]