SOC 1
08.06.2020
The New Normal:
Fully-enabled Remote Audits
The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.
Read More10.22.2019
SOC 1 or SOC 2: Which Is Right for My MSP?
Managed service providers (MSPs) provide a valuable service by enabling companies of all sizes to outsource their key information technology processes. Many of those companies who look to engage an MSP ask whether a SOC 1 or SOC 2 Examination has been completed to assess the MSP’s security posture.
Read More04.25.2019
The SOC 1 Examination Process
Do you understand the SOC 1 examination process? Our assessors take you from scoping through report delivery to understand all of the steps needed to complete an examination.
Read More03.18.2019
Everything You Need to Know About Bridge Letters
Bridge letters are an important element of SOC 1 and SOC 2 examinations that you may not be aware of and can help provide your clients with additional confidence regarding the effectiveness of your organization’s controls environment at no additional cost or time.
Read More03.15.2018
SOC Reports: Type 1 vs Type 2 vs Readiness Assessment
Your client requested a SOC report, but what’s next? For organizations seeking a SOC 1, SOC 2, or ISAE 3402, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation.
Read More05.10.2017
Third-Party Vendor Management Best Practices
The SOC 1 standard requires that service organizations implement and describe their vendor management practices for third-party service organizations. In order to help organizations meet these updated requirements, our assessors have assembled a list of vendor management best practices to help organizations, better-manage third-party vendors. What is Third-Party Management? Third-party management is the process whereby companies monitor […]
Read More02.15.2017
SOC 1 for Payroll Providers
Why are people asking my payroll company for a SOC 1 report? Payroll is one of the most commonly outsourced business functions, making SOC 1 necessary to ensure to clients that payments are made accurately and in a timely fashion to the necessary parties. Penalties for failing to file or pay taxes, or other fees […]
Read More12.19.2016
Making the Switch from SSAE 16 to SSAE 18
When service organizations receive a SOC 1 examination, it is performed under the SSAE 16 or “Statements on Standards for Attestation Engagements 16, Reporting on Controls at a Service Organization” standard. In the Spring 2016, The AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of the SSAE […]
Read More12.01.2016
What are the differences between ISAE 3402 and SSAE 16?
The preferred reports for service organizations with direct impact on internal controls over financial reporting of their clients are the SSAE 16 (Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was issued by the Auditing Standards Board of the American Institute of Certified Public Accountants) and ISAE 3402 […]
Read More12.08.2015
The Do’s and Don’ts of Bridge Letters (SSAE 16 Reporting)
You finally received your SOC 1/SSAE 16 report, only to realize that your coverage does not cover the entire year. So what happens in the remaining months of the year beyond the coverage of the report? Is it necessary that you receive another report to cover the remainder of the year? Does your previous report […]
Read More
