Explaining SOC 1, SOC 2, and SOC 3 Compliance

As businesses increasingly outsource core functions to service organizations, managers at service organizations are more likely to receive requests for a SOC audit to examine their internal control environment. Choosing between a SOC 1, SOC 2, and SOC 3 report can be a little confusing but understanding the differences between these […]

What is a SOC Audit and Why is it Important?

What is a SOC Audit and Why is it Important

Today more than ever, companies rely on service providers to streamline day-to-day operations and ensure continued functionality. This is evident through the emergence of cloud computing, data centers, and software-as-a-service (SaaS) organizations. However, with the ease and convenience of these outsourced tasks comes some degree of inherent risk.   A key differentiator […]

Kfi Whitepaper – Risk Assessment in a SOC 2

One of the challenges that many service organizations face while completing a SOC 2 engagement is addressing the risk assessment and risk mitigation criteria found in TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (TSC).  Kfi has published a whitepaper to: identify the risk […]

Fraud Report Highlights

One of the most interesting documents that comes across my desk each year is the Global Study on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners (ACFE).  The 2018 study (which can be downloaded at the bottom of this post) contains an analysis of 2,690 cases of […]