SOC 1 vs SOC 2 Reports: Type 1 vs Type 2 vs Readiness Assessment

SOC Type 1 vs Type 2: which one should you select? For organizations seeking a SOC 1, SOC 2, or ISAE 3402, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation.

Updates to the AICPA’s SOC 2 Framework

The American Institute of Certified Public Accountants (AICPA) recognizes the growing demand for transparency and strengthened controls within multifaceted risk environments. The SOC 2 framework continues to improve the security measures that should be implemented to protect organizations against emerging threats.

Ask an Assessor: Death Master File

The Death Master File (DMF) is a protected file that includes information regarding the deceased, such as name, date of birth, date of death, and Social Security number. Since November 28, 2016, organizations have faced a stricter certification process to be granted access to the DMF. In that time, A-LIGN has served as an Accredited Conformity […]

The Perfect Match: Benefits of Adding SOC for Cybersecurity to Your SOC 2 Audits

Security efforts continue to change as industries evolve, introducing new procedures, processes, and tools. To mitigate these new challenges, governing bodies continue to release new standards and guides to help organizations validate specific controls. As the number of audit options increases, understanding their capabilities and functions is critical. It’s important to understand that each examination […]

SOC 2 vs SOC for Cybersecurity: 3 Main Differences

Organizations want to ensure that the personal assets of potential and existing clients are protected. To do so, organizations can validate their controls through a variety of assessments, but choosing the right one for your organization’s specific needs can be a difficult process. Through the new SOC for Cybersecurity examination, organizations can now demonstrate the […]

AICPA’s New SOC for Cybersecurity Examination

As data breach occurrences increase, organizations continue to struggle to demonstrate and maintain security of their data. To ensure that all appropriate measures are being taken, executives and senior management have begun requesting that their organizations demonstrate the effectiveness of their cybersecurity risk management programs through third-party assessments. In response to this challenge […]

Third-Party Vendor Management Best Practices

The SOC 1 standard requires that service organizations implement and describe their vendor management practices for third-party service organizations. In order to help organizations meet these updated requirements, our assessors have assembled a list of vendor management best practices to help organizations better manage third-party vendors. What is Third-Party Management? Third-party management is the process whereby companies monitor […]

SOC 1 for Payroll Providers

Why are people asking my payroll company for a SOC 1 report? Payroll is one of the most commonly outsourced business functions, making SOC 1 necessary to assure clients that payments are made accurately and in a timely fashion to the necessary parties. Penalties for failing to file or pay taxes, or other fees […]

Making the Switch from SSAE 16 to SSAE 18

When service organizations receive a SOC 1 examination, it is performed under the SSAE 16 or “Statements on Standards for Attestation Engagements 16, Reporting on Controls at a Service Organization” standard. In spring 2016, the AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of the SSAE […]

School’s Back in Session – How to Stay Updated on Regulations

By: Sue Wells, Senior Consultant at A-LIGN

One of the most important areas that clients of compliance professionals count on is that their third-party “expert” will stay current on relevant regulations. I’d like to share some of the ways compliance professionals keep current with regulations, which will also work for busy industry and technology professionals. […]
