SOC 2 Success in 5 Simple Steps

How can you ensure success for your company’s SOC 2 initiative? Here are 5 Steps to SOC 2 success – best practices and lessons learned from the field!

I have yet […]

By Christian White|2020-09-28T14:50:09+00:00September 28th, 2020|SOC Reporting|0 Comments

Understanding SOC 2 Opinions

If you just received a SOC 2 report and do not know where to start analyzing, this blog is for you!

SOC 2 reports can easily reach 50+ pages and can […]

By Jack Nguyen|2020-09-09T21:29:49+00:00August 24th, 2020|SOC Reporting|0 Comments

ISO 27001 vs SOC 2: Choosing a Compliance Framework

In a previous blog post, we discussed the differences between SOC 2 vs ISO 27001. In this post, we will look at the factors affecting the decision of choosing […]

By Kendall Morris|2020-09-09T21:24:19+00:00August 3rd, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

SOC 2 vs ISO 27001: What’s The Difference?

Navigating the ins and outs of two of the most popular compliance frameworks.

When it comes to vendor due diligence, many companies are raising the bar. This article will help […]

By Kendall Morris|2020-08-04T12:33:07+00:00July 13th, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

Webinar: SOC 2: Everything You Need to Get a SOC 2 Report

Check out our webinar from Christian White and Christian Hyatt in which they cover the basics of SOC 2 reporting, what to expect during a SOC 2 audit, and why […]

By Christian White|2020-06-28T20:28:59+00:00July 8th, 2020|SOC Reporting, Webinars|0 Comments

How to Create Effective Policies

How to leverage information security policies into leveling up your security program.

By Kendall Morris|2020-08-25T15:40:53+00:00December 16th, 2019|CISO Discussions, Cyber Risk Management, ISO 27001 Compliance, IT Audit and Compliance, SOC Reporting|1 Comment

risk3sixty Successfully Completes Peer Review

At risk3sixty, we pride ourselves on craftsmanship. It is one of our core values. As a result, every engagement follows a rigorous quality standard and multiple levels of internal […]

By Christian Hyatt|2020-08-25T16:52:10+00:00July 29th, 2019|Culture, News and Events, SOC Reporting|0 Comments

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report?

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report. Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Point of Focus, intended to align SOC 2 with the 2013 COSO framework.

By Christian White|2020-01-17T21:17:50+00:00March 20th, 2019|IT Audit and Compliance, SOC Reporting|1 Comment

What is the Difference between SOC 2 Type I and SOC 2 Type II?

If your clients or prospects have requested a SOC 2 report, obtaining a SOC 2 report typically follows a three step process.

Step 1: Readiness Assessment

A readiness assessment helps your organization […]

By Christian Hyatt|2020-01-17T21:20:09+00:00September 10th, 2018|SOC Reporting|1 Comment

Quality Work Does Not Mean Quality Service

“Managing the Professional Services Firm” by David Maister is considered to be “core canon” among consulting professionals. Though it was originally published over 25 […]

By Christian Hyatt|2020-07-30T12:38:54+00:00February 5th, 2018|CISO Discussions, Culture, Cyber Risk Management, ISO 27001 Compliance, IT Audit and Compliance, NIST 800 Series, Privacy Compliance, SOC Reporting|0 Comments