Category: SOC Reporting

Password Security

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names, and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically, the passwords will be cryptographically hashed. Hashing a password takes a string of any length (the password


SOC 2 – CC2, 4, & 5 Best Practices

For a smooth SOC 2 process, companies should ensure controls are accurate, efforts are effective, and responsibilities are communicated. Without these, the rest of your program will likely run into exceptions and struggle to meet the criteria. While performing these seems easy, it can be difficult to understand what should

SOC 2 Press Release Blog

Risk3sixty Successfully Completes SOC 1 and SOC 2 Peer Review

Successful completion of the security and compliance process is an affirmation of risk3sixty’s quality assurance processes using their proprietary Phalanx GRC platform. ATLANTA – October 11, 2022 – Risk3sixty, a company that helps organizations assess, build, manage and certify their security programs against multiple compliance frameworks including SOC 2 and


CC1 Best Practices

Imagine you are working on your SOC 2 report and trying to ensure you meet the CC1 (Common Criteria) controls. Most of these are met by performing corporate strategy and governance actions in a timely manner. For this, written procedures, recurring agendas, and a checklist will be your greatest


HITRUST i1 vs SOC 2: What’s The Difference?

SOC 2 vs HITRUST i1: SOC 2 is a reporting framework developed and maintained by the American Institute of Certified Public Accountants (AICPA), and as such, a SOC 2 report can only be issued by a CPA firm, such as risk3sixty. The goal of a SOC 2 report is to

SOC 2 Report Process Blog

3 Steps to Get Started with SOC 2

So, you’ve decided to get a SOC 2 Report (SOC 2 Attestation). However, you aren’t sure where to begin. This article details what you need to know before you start, who needs to be involved at your company, and how to choose a vendor to perform your attestation. What is


How risk3sixty Uses SOC 2 to Demonstrate HIPAA Compliance

The AICPA-designated SOC 2 framework is used to express an opinion on controls over security, privacy, availability, confidentiality, and processing integrity for many different systems, organizations, and environments. In addition to improving security posture at your organization, SOC 2 is a great sales tool to demonstrate to your customers that

SOC 2 System Description Blog

How to Read a SOC 2 System Description

In this blog, we’ll dive into one of the most important parts of a SOC 2 report, the SOC 2 System Description! During your due diligence process, a vendor sends you their SOC 2 report. How do you know what the report is trying to say? How are you supposed

SOC 2 Trust Services Criteria

SOC 2 Trust Services Criteria That Apply to Your Business

A guide to the Trust Services Criteria: Knowing when to include the various SOC 2 Trust Services Criteria (TSC) (also, criteria) can seem like a daunting task, but it does not have to be. Different industries have differing third-party assurance requirements and expectations, and the SOC 2 TSC have been
