One of the challenges that many service organizations face while completing a SOC 2 engagement is addressing the risk assessment and risk mitigation criteria found in TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (TSC). Kfi has published a whitepaper to:
- identify the risk assessment and risk mitigation criteria that must be addressed in every SOC 2 engagement and provide practical guidance to service organizations on how to address them;
- provide guidance to service auditors on the types of controls that they should look for to address the risk assessment and risk mitigation criteria.
Here is a link to the whitepaper: Risk_Assessment_SOC_2