After Thousands of Audits; the Truth About the So-Called “14-Day SOC 2”

A SOC 2 in 14 days? We’ve completed thousands of them and we can say with authority that this is misleading. As auditors, we believe in accuracy, so we wanted to share what it really takes to complete a SOC 2 and how to get it done as quickly as possible. 

Continue reading “After Thousands of Audits; the Truth About the So-Called “14-Day SOC 2””

5 Reasons Why You Need SOC 2 Compliance

Many organizations outsource their business operations and services to third-party vendors, possibly putting client data at risk. Therefore, organizations request that their vendors achieve SOC 2 compliance to demonstrate IT security standards. Let’s review additional reasons you need SOC 2 compliance now.

Continue reading “5 Reasons Why You Need SOC 2 Compliance”

What are the SOC 2 Trust Services Criteria?

The SOC 2 audit process includes categories of Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity, and Privacy. These categories each cover a set of internal controls related to different aspects of your information security program. 

Continue reading “What are the SOC 2 Trust Services Criteria?”

What’s The Difference Between SOC 2 Type I and Type II?

The difference between a SOC 2 Type I audit and a SOC 2 Type II audit is how the controls are evaluated – at a single point in time, or over a period of time. This decision can be driven by budget, timing, resources available, and what customers are asking for. 

Continue reading “What’s The Difference Between SOC 2 Type I and Type II?”

SOC 2 for Startups: Boosting Your Startup with SOC 2

SOC 2 for startups may seem like a difficult endeavor given the moving parts involved in launching and maintaining a successful startup. From funding to revenue, it can be easy to neglect compliance examinations like a SOC 2 Examination – or delay completing one until a future date. Continue reading “SOC 2 for Startups: Boosting Your Startup with SOC 2”

Leveraging a SOC 2 Examination to Differentiate Your MSP

IT security is an ever-growing concern from consumers and businesses. The last few years of breaches resulting from insecure IT environments have changed the buying process and selection criteria for many organizations. Continue reading “Leveraging a SOC 2 Examination to Differentiate Your MSP”

Updates to the AICPA’s SOC 2 Framework

The American Institute of Certified Public Accountants (AICPA) recognizes the growing demand for transparency and strengthened controls within multifaceted risk environments. The SOC 2 framework continues to improve the security measures that should be implemented to protect organizations against emerging threats. Continue reading “Updates to the AICPA’s SOC 2 Framework”

The Value of SOC 2

If your service organization processes customer transactions that impact financial reporting, such as payroll or other financial reporting functions, you are more than likely familiar with the SSAE 16 SOC 1 report and its predecessor the SAS 70. Your customer’s auditors request the SAS 70, now the SSAE 16, every year to fulfill your customer’s year-end financial statement audit requirements. You gladly undergo the annual SSAE 16 audit so you have the report ready for your customers each year. One SSAE16 audit is worth keeping an army of customer auditors from knocking on your door asking for the same evidence of internal controls. More than likely the SSAE 16 is also required to meet contractual obligations to your customers. So to reduce the number of audits you have to endure each year, to meeting contractual obligations and also to get an independent evaluation of your internal controls, you engaged a CPA firm to perform the SSAE 16 audit. Continue reading “The Value of SOC 2”