What to Expect in Your First SOC Audit

A company’s first SOC audit generally follows a standard lifecycle (and this applies to both SOC 1 and SOC 2): First, your auditor performs a readiness assessment (also called a gap assessment) to help you prepare for your first SOC audit and identify control weaknesses that need to be addressed in […]

A Better Way to Monitor AWS and Azure

If your organization is subject to a SOC 1 or SOC 2 audit, then you are likely familiar with the vendor management requirements under both reporting frameworks. The American Institute of Certified Public Accountants’ (AICPA) reporting standards for SOC 1 (Section AT-C 320 of SSAE #18) state that: “Management’s description […]

The Impact of COVID-19 on SOC Reporting

Background: The 2020 audit cycle for organizations that receive SOC reports is going to include new challenges related to COVID-19. Remote workforces are now the norm throughout the world and there are many new risks associated with this. For example, the use of insecure personal computers (or those already infected with […]

Explaining SOC 1, SOC 2, and SOC 3 Compliance

As businesses increasingly outsource core functions to service organizations, managers at service organizations are more likely to receive requests for a SOC audit to examine their internal control environment. Choosing between a SOC 1, SOC 2, and SOC 3 report can be a little confusing, but understanding the differences between these […]