Menu
SOC Reporting Guide
User access reviews are a critical control in almost any IT control framework because they help ensure that users have the appropriate level of access to sensitive data and systems.
SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70.
The first difference between the SSAE 16 and ISAE 3402 Standards is that SSAE 16 requires the service auditor to assess the risk associated with potential “Intentional Acts by Service
Unlock your understanding of SOC 2 with this cheat sheet by SANS. Ideal for auditors, executives, and sales professionals. Download now
If you have never been audited before, as is the case with many service organizations, you are probably wondering what kind of documentation will I need to give the auditors?
Another series we will have periodic posts about will be related to potential controls that would be expected to be in place, almost regardless of the entity in question. This