Insights

SOC 1 vs SOC 2: Choosing the Right Examination

SOC 1 vs SOC 2: Choosing the Right Examination

System and Organization Controls 1 and 2 (SOC 1 and SOC 2) reports are both related tointernal controls within organizations, but they serve different purposes and audiences. Whichone is right for your organization? It will depend on the use case of the report and the...

read more
Security Events vs. Security Incidents

Security Events vs. Security Incidents

In the world of cybersecurity, a common misunderstanding often exists within organizations - the distinction between security events and security incidents. We audit a lot of organizations’ incident management protocols, and the lack of a distinction between event and...

read more
How to Evaluate Auditors

How to Evaluate Auditors

Selecting an audit firm can, and probably should, feel daunting. After all, you hopefully will work with this firm for many years to come, so it shouldn’t be a rushed decision. Many organizations make the mistake of letting cost be the primary driver of choosing an...

read more
Factors That Create a Positive Compliance Experience

Factors That Create a Positive Compliance Experience

There is no doubt in my mind that I have seen vastly more audit horror stories and unsatisfied auditees on public forums and social media than I have seen people raving about a positive audit experience. Auditing is an extremely tough profession, and we auditors often...

read more
How to Prepare for a SOC 2 Security Assessment

How to Prepare for a SOC 2 Security Assessment

Security assessments, such as SOC 2 reports, are increasingly becoming a requirement in modern business. Organizations often approach us needing a SOC 2 but need help knowing where to start. So, let's break down the significant steps in preparing for a SOC 2.  ...

read more
What Are SOC Reports – The Basics

What Are SOC Reports – The Basics

Introduction System and Organization Controls (SOC) reports have become one of the most common methods for organizations to demonstrate their services and provide stakeholders assurance over their internal control environments. SOC reports can seem like a very...

read more
What Is a SOC 1 and Do You Need One?

What Is a SOC 1 and Do You Need One?

So, you have a customer telling you they need your SOC 1 report, but you do not currently have one and you need guidance on how to obtain one. This is a common problem we see in clients and is generally a positive sign that your firm is growing and obtaining larger...

read more
Introduction To The SOC For Cybersecurity

Introduction To The SOC For Cybersecurity

The rise and institutionalization of cyber-attacks and data breaches within the corporate landscape has justifiably resulted in an atmosphere of reduced trust among business entities and consumers. Risk management and cybersecurity are consistently listed as top...

read more