SOC 1
09.10.2020
Mind the Gap: How to Change Auditors without Impacting Compliance

Increasingly, organizations are realizing that a strategic compliance program increases operational efficiencies by replacing ad hoc and transactional audits with a more thoughtful approach. And as organizations get more serious about strategic compliance, they realize consolidation is a key component.
Read More08.27.2020
SOC Report Types: What You Need to Know

Organizations cannot afford to leave their clients’ trust to chance. They face complex pressures from customers, regulators and cyberattacks to implement appropriate controls within their environments to protect customer and proprietary data.
Read More08.06.2020
The New Normal:
Fully-Enabled Remote Audits

The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.
Read More10.22.2019
SOC 1 or SOC 2: Which Is Right for My MSP?

Managed service providers (MSPs) provide a valuable service by enabling companies of all sizes to outsource their key information technology processes. Many of those companies who look to engage an MSP ask whether a SOC 1 or SOC 2 Examination has been completed to assess the MSP’s security posture.
Read More04.25.2019
The SOC 1 Examination Process

Do you understand the SOC 1 examination process? Our assessors take you from scoping through report delivery to understand all of the steps needed to complete an examination.
Read More03.18.2019
Everything You Need to Know About Bridge Letters

Bridge letters are an important element of SOC 1 and SOC 2 examinations that you may not be aware of and can help provide your clients with additional confidence regarding the effectiveness of your organization’s controls environment at no additional cost or time.
Read More03.15.2018
SOC Reports: Type 1 vs Type 2 vs Readiness Assessment

Your client requested a SOC report, but what’s next? For organizations seeking a SOC 1, SOC 2, or ISAE 3402, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation.
Read More05.10.2017
Third-Party Vendor Management Best Practices
The SOC 1 standard requires that service organizations implement and describe their vendor management practices for third-party service organizations. In order to help organizations meet these updated requirements, our assessors have assembled a list of vendor management best practices to help organizations, better-manage third-party vendors. What is Third-Party Management? Third-party management is the process whereby companies monitor […]
Read More02.15.2017
SOC 1 for Payroll Providers
Why are people asking my payroll company for a SOC 1 report? Payroll is one of the most commonly outsourced business functions, making SOC 1 necessary to ensure to clients that payments are made accurately and in a timely fashion to the necessary parties. Penalties for failing to file or pay taxes, or other fees […]
Read More12.19.2016
Making the Switch from SSAE 16 to SSAE 18
When service organizations receive a SOC 1 examination, it is performed under the SSAE 16 or “Statements on Standards for Attestation Engagements 16, Reporting on Controls at a Service Organization” standard. In the Spring 2016, The AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of the SSAE […]
Read More