SSAE-18 is effective for all reports issued after May 1, 2017.
As of the latest SSAE 18 and SOC 2 updates, vendor management and review of any relevant compliance / audit reports (SOC 1, SOC 2, HITRUST, ISO 27001/2, PCI, etc.) has become
SOC 2 Type II audits should be performed annually, however, there are times you may choose to perform them twice a year. Additionally, if recently completing a SOC 2 Type
This depends on how prepared and how many resources an Organization has to dedicate to the project. The first time through, usually a readiness assessment would be performed, and then
The SOC 1 has a completely different purpose than HITRUST. Typically a company would perform both if they are a TPA processing medical claims and other claims, where, there is
The availability criteria addresses how you go about ensuring the in-scope data and systems stay online and recoverability should go awry.
Depending on the size of your Company, you could look to another small business owner in a similar situation or trusted advisor to sit on each others board’s and create
SOC Reporting Guide