The AICPA-designated SOC 2 framework is used to express an opinion on controls over security, privacy, availability, confidentiality, and processing integrity for many different systems, organizations, and environments. In addition [...]
In this blog, we’ll dive into one of the most important parts of a SOC 2 report, the SOC 2 System Description! During your due diligence process, a vendor sends [...]
A guide to the Trust Services Criteria Knowing when to include the various SOC 2 Trust Services Criteria (TSC) (also, criteria) can seem like a daunting task, but it does [...]
How can you ensure success for your company’s SOC 2 initiative? Here are 5 Steps to SOC 2 success – best practices and lessons learned from the field! I have [...]
If you just received a SOC 2 report and do not know where to start analyzing, this blog is for you! SOC 2 reports can easily reach 50+ pages and [...]
In a previous blog post, we discussed the differences between SOC 2 vs ISO 27001. In this post, we will look at the factors affecting the decision of choosing which [...]
Navigating the ins and outs of two of the most popular compliance frameworks. When it comes to vendor due diligence, many companies are raising the bar. This article will help [...]
Check out our webinar from Christian White and Christian Hyatt in which they cover the basics of SOC 2 reporting, what to expect during a SOC 2 audit, and why [...]
How to leverage information security policies into leveling up your security program. People often regard information security policy as a "check-the-box" compliance initiative. Many organizations will copy a policy [...]
At risk3sixty, we pride ourselves on craftsmanship. It is one of our core values. As a result, every engagement follows a rigorous quality standard and multiple levels of internal quality [...]