Tag: SOC 2


4 Habits to Adopt for Highly Effective Compliance Audits

How can you help ensure the successful and timely completion of your compliance audit? This article provides insights into what we’ve found successful compliance auditees do during the audit process. Regardless of the company’s size or maturity of their GRC function, a common thread in the successful on-time completion of


How risk3sixty Uses SOC 2 to Demonstrate HIPAA Compliance

The AICPA-designated SOC 2 framework is used to express an opinion on controls over security, privacy, availability, confidentiality, and processing integrity for many different systems, organizations, and environments. In addition to improving security posture at your organization, SOC 2 is a great sales tool to demonstrate to your customers that


How to Provide Audit Evidence

So, you’ve been tasked with providing evidence for an audit. You may be wondering what your auditor is even looking for. Let’s take a look behind the scenes at why the auditor is asking for certain things, and how you can provide audit evidence to make your life (and your


How to Perform a Risk Assessment (Part 1)

How do you perform a risk assessment, and what do you do with the results? Find out the answers to some common risk assessment questions in Part 1 of our two-part series! Why should you perform a risk assessment? Performing risk assessments regularly is a fundamental requirement of most security frameworks.


How to Read a SOC 2 System Description

In this blog, we’ll dive into one of the most important parts of a SOC 2 report, the SOC 2 System Description! During your due diligence process, a vendor sends you their SOC 2 report. How do you know what the report is trying to say? How are you supposed


SOC 2 Trust Services Criteria That Apply to Your Business

A guide to the Trust Services Criteria. Knowing when to include the various SOC 2 Trust Services Criteria (TSC) (also, criteria) can seem like a daunting task, but it does not have to be. Different industries have differing third-party assurance requirements and expectations, and the SOC 2 TSC have been


SOC 2 Success in 5 Simple Steps

How can you ensure success for your company’s SOC 2 initiative? Here are 5 Steps to SOC 2 success – best practices and lessons learned from the field! I have yet to see a client follow these five steps and not be wildly successful in their SOC 2 program buildout,


Understanding SOC 2 Opinions

If you just received a SOC 2 report and do not know where to start analyzing, this blog is for you! SOC 2 reports can easily reach 50+ pages and can be too dense to understand right away. Reading it line by line could take a whole day. Let us


ISO 27001 vs SOC 2: Choosing a Compliance Framework

In a previous blog post, we discussed the differences between SOC 2 vs ISO 27001. In this post, we will look at the factors affecting the decision of choosing which of the two compliance frameworks best aligns with the business needs of a high growth technology or SaaS firm. Client
