As outsourcing services becomes a more integral component of business operations across many industries, the need for SOC reporting grows. Data protection is of paramount importance in today’s connected landscape, especially when it comes to safeguarding financial statements and other sensitive information. However, the key to understanding and maintaining compliance is […]
As businesses increasingly outsource core functions to service organizations, managers at service organizations are more likely to receive requests for a SOC audit to examine their internal control environment. Choosing between a SOC 1, SOC 2, and SOC 3 report can be a little confusing but understanding the differences between these […]
When a company outsources elements of their operations to a third-party vendor, they take on some level of inherent risk. However, strategic managers want to know exactly how much risk their organization is about to incur. SOC reports exist as a way to differentiate service providers from their competitors by clearly […]
A topic of increasing importance for many companies has been the question of how to protect valuable data. For organizations that provide services to other businesses, such as Software as a Service (SaaS) providers, payroll processing, and medical claims processing, the protection of this data is essential to the continuation of […]
It’s no secret that data is incredibly valuable and data centers with subpar internal controls make it easy for cybercriminals to steal sensitive information. For businesses that rely on third parties to handle and store their data as well as client data, it is essential to receive assurances that the organization […]
In an increasingly digital era, more and more organizations have turned to outsourcing key business operations to third-party vendors to increase efficiency and functionality. One essential service is the storage and protection of sensitive data that is incredibly vulnerable and in high demand by cybercriminals. In 2019 alone, there were 1,473 […]
Today more than ever, companies rely on service providers to streamline day-to-day operations and ensure continued functionality. This is evident through the emergence of cloud computing, data centers, and software-as-a-service (SaaS) organizations. However, with the ease and convenience of these outsourced tasks comes some degree of inherent risk. A key differentiator […]
One of the most challenging aspects of a System and Organization Controls (SOC) engagement is evaluating exceptions / control failures and determining how they will impact the SOC report and whether they will result in a qualified or adverse opinion. The purpose of this whitepaper is to help service organizations understand […]
One of the challenges that many service organizations face while completing a SOC 2 engagement is addressing the risk assessment and risk mitigation criteria found in TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (TSC). Kfi has published a whitepaper to: identify the risk […]
One of the most interesting documents that comes across my desk each year is the Global Study on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners (ACFE). The 2018 study (which can be downloaded at the bottom of this post) contains an analysis of 2,690 cases of […]