Most organizations have at least heard of SOC reports. Published and administered by the American Institute of Certified Professional Accountants (AICPA), the SOC umbrella of attestations helps organizations demonstrate adherence to best practices around data privacy, cybersecurity, risk assessment and financial reporting. Since SOC requirements come directly from the AICPA, the organization releases documents pertaining… Read More
SOC audits are some of the most common non-regulatory audits in the U.S. These attestations provide companies with a way to demonstrate their dedication to transparent and secure financial reporting and protecting consumer information. Accordingly, SOC reporting can become an in-depth and complicated task that is rendered even more complicated when factoring in subservice providers. … Read More
Audits and compliance are just part of doing business for financial organizations. Clients and partners must know that they can trust you to manage their critical information, keep it secure, and maintain its confidentiality. Frameworks like Systems and Organization Controls, or SOC, help organizations meet these expectations in a standardized way. While SOC 2 is… Read More
The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments. Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the… Read More
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the procedural and technical controls free. This is a resource based on the SSAE 16 SOC 1 framework you may freely use to conduct your organization’s readiness audits. Your results are private and the output is sent to you without charge. It’s just… Read More