At risk3sixty, we pride ourselves on craftsmanship. It is one of our core values. As a result, every engagement follows a rigorous quality standard and multiple levels of internal quality assurance review. It’s just one way we try to make sure everything we produce meets a set of minimum quality standards. In addition to our own internal quality standards, our […]
Are Pen Tests and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report. Much of this confusion was brought about by the December 2018 update of the Trust Services Criteria, and the associated Points of Focus, intended to align SOC 2 with the 2013 COSO framework.
If your clients or prospects have requested a SOC 2 report, obtaining one typically follows a three-step process.
Step 1: Readiness Assessment
A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC 2 audit by identifying your current controls as […]
“Managing the Professional Services Firm” by David Maister is considered “core canon” among consulting professionals. Though it was originally published over 25 years ago (1993), it has aged gracefully and almost all of its content is still relevant today.
One of our team’s favorite distinctions, as pointed out by Maister, is […]
Overview of the SOC for Cybersecurity
In 2017 the AICPA published guidance on a new cybersecurity risk management examination, System and Organization Controls for Cybersecurity (SOC for Cybersecurity). The SOC for Cybersecurity examination was created to address the growing need for reporting and attestation over an organization’s cybersecurity posture.
The SOC for […]
Selecting the right partner to assist with SOC 2 compliance (or anything else) can be challenging. If you are trying to sort through the marketplace to select a vendor, here are a few considerations. You can also download our free vendor selection template here.
Assess resumes of the individuals […]
The SOC 2 reporting process can take anywhere from 4 weeks to 18 months at the extreme ends of the spectrum (6 weeks to 3 months on average). The variance depends on the type of report (Type I vs. Type II), project complexity, firm maturity, motivation to obtain a SOC […]
If you are trying to determine if your company would benefit from obtaining a SOC report, here are a few questions and answers that may help make the decision.
1) Are clients requesting a SOC report?
Many firms find that obtaining a SOC report is a cost of doing business because clients or prospects ask […]
Heavily regulated companies spend a lot of time mapping and creating new business processes to meet compliance requirements. This is especially frustrating for businesses that face multiple compliance requirements.
We see this often in the financial technology (FinTech) and health information technology (HIT) space. Companies like these have an almost unmanageable number of regulatory frameworks to navigate. (SOC 2, ISO 27001, GLBA, HIPAA, […]