User access reviews are a critical control in almost any IT control framework because they help ensure that users have the appropriate level of access to sensitive data and systems.
SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70.
If you have never been audited before, as is the case with many service organizations, you are probably wondering what kind of documentation will I need to give the auditors?
Another series we will have periodic posts about will be related to potential controls that would be expected to be in place, almost regardless of the entity in question. This