SOC 1

Mind the Gap: How to Change Auditors without Impacting Compliance

Mind the Gap: How to Change Auditors without Impacting Compliance

Increasingly, organizations are realizing that a strategic compliance program increases operational efficiencies by replacing ad hoc and transactional audits with a more thoughtful approach. And as organizations get more serious about strategic compliance, they realize consolidation is a key component.

Read More

SOC Report Types: What You Need to Know

SOC Report Types: What You Need to Know

Organizations cannot afford to leave their clients’ trust to chance. They face complex pressures from customers, regulators and cyberattacks to implement appropriate controls within their environments to protect customer and proprietary data.

Read More

The New Normal:
Fully-Enabled Remote Audits

The New Normal: Fully-enabled Remote Audits

The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.

Read More

SOC 1 or SOC 2: Which Is Right for My MSP?

SOC 1 or SOC 2: Which Is Right for My MSP?

Managed service providers (MSPs) provide a valuable service by enabling companies of all sizes to outsource their key information technology processes. Many of those companies who look to engage an MSP ask whether a SOC 1 or SOC 2 Examination has been completed to assess the MSP’s security posture.

Read More

The SOC 1 Examination Process

Do you understand the SOC 1 examination process? Our assessors take you from scoping through report delivery to understand all of the steps needed to complete an examination.

Read More

Everything You Need to Know About Bridge Letters

Bridge letters are an important element of SOC 1 and SOC 2 examinations that you may not be aware of and can help provide your clients with additional confidence regarding the effectiveness of your organization’s controls environment at no additional cost or time.

Read More

SOC Reports: Type 1 vs Type 2 vs Readiness Assessment

Type-1-vs-Type-2-vs-Readiness-Assessment

Your client requested a SOC report, but what’s next? For organizations seeking a SOC 1, SOC 2, or ISAE 3402, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation.

Read More

Third-Party Vendor Management Best Practices

The SOC 1 standard requires that service organizations implement and describe their vendor management practices for third-party service organizations. In order to help organizations meet these updated requirements, our assessors have assembled a list of vendor management best practices to help organizations, better-manage third-party vendors. What is Third-Party Management? Third-party management is the process whereby companies monitor […]

Read More

SOC 1 for Payroll Providers

Why are people asking my payroll company for a SOC 1 report? Payroll is one of the most commonly outsourced business functions, making SOC 1 necessary to ensure to clients that payments are made accurately and in a timely fashion to the necessary parties. Penalties for failing to file or pay taxes, or other fees […]

Read More

Making the Switch from SSAE 16 to SSAE 18

When service organizations receive a SOC 1 examination, it is performed under the SSAE 16 or “Statements on Standards for Attestation Engagements 16, Reporting on Controls at a Service Organization” standard. In the Spring 2016, The AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of the SSAE […]

Read More