Home/SOC Reporting

SOC 2 v. ISO 27001: What’s The Difference?

Navigating the ins and outs of two of the most popular compliance frameworks.

When it comes to vendor due diligence, many companies are raising the bar.

In addition to evaluating vendor revenue, growth, and skills, security is becoming an important focus. With almost half of security breaches occurring because of vendors, it’s no wonder that security attestations and certifications […]

By |2020-07-13T12:15:34+00:00July 13th, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

How to Create Effective Policies

How to leverage information security policies into leveling up your security program.
People often regard information security policy as a “check-the-box” compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, […]

risk3sixty Successfully Completes Peer Review

At risk3sixty, we pride ourselves on craftsmanship. It is one of our core values. As a result, every engagement follows a rigorous quality standard and multiple levels of internal quality assurance review. It’s just one way we try to make sure everything we produce meets a set of minimum quality standards. In addition to our own internal quality standards, our […]

By |2020-01-23T19:19:34+00:00July 29th, 2019|Culture, News and Events, SOC Reporting|0 Comments

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report?

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report.  Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Point of Focus, intended to align SOC 2 with the 2013 COSO framework.

By |2020-01-17T21:17:50+00:00March 20th, 2019|IT Audit & Compliance, SOC Reporting|1 Comment

What is the Difference between SOC 2 Type I and SOC 2 Type II?

If your clients or prospects have requested a SOC 2 report, obtaining a SOC 2 report typically follows a three step process.

Step 1: Readiness Assessment

A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC 2 audit by identifying your current controls as […]

By |2020-01-17T21:20:09+00:00September 10th, 2018|SOC Reporting|1 Comment

Quality Work Does Not Mean Quality Service

“Managing the Professional Services Firm” by David Maister is considered to be “core canon” among consulting professionals. Though it was originally published over 25 years ago (1993) it has aged gracefully and almost all of its content is still relevant today.

One of our team’s favorite distinction, as pointed out by Maister, is […]

What is the difference between SOC 2 and SOC for Cybersecurity?

Overview of the SOC for Cybersecurity

In 2017 the AICPA published guidance on a new cyber security risk management examination, System and Organization Controls for Cyber Security (SOC for Cybersecurity).  This SOC for Cybersecurity examination was created to address the growing need for reporting and attestation over an organization’s cyber security posture.

The SOC for […]

By |2020-01-17T21:20:32+00:00January 18th, 2018|SOC Reporting|3 Comments