SANS put together a great overview of SOC 2 terminology, report structure breakdown, and process in their signature cheat sheet format. This is a great document to keep handy if you are an auditor, executive, sales person, or whomever that may have to come in contact with a SOC 2 at some point in time. This is slightly outdated as of the Fall 2022 refresh of the SOC 2 but still a very handy item! Click here to download the sheet in PDF
SOC Reporting Guide
Another series we will have periodic posts about will be related to potential controls that would be expected to be in place, almost regardless of the entity in question. This
SANS put together a great overview of SOC 2 terminology, report structure breakdown, and process in their signature cheat sheet format. This is a great document to keep handy if
While some companies still request a SAS 70 report (why, who knows…), many contracts now require a SSAE 16 report, and with the change to SSAE 18 many are now
SSAE 16 was built upon the ISAE 3402 framework, which essentially is the same thing, but accepted at an international level with a number of deviations to be discussed here
A SSAE 18 / SOC 1 Type I Report shows Company’s that your Organization has appropriate controls designed and in place as of the date the report is issued. It
This tip is focused on designing controls that reflect the process being testing, if they don’t, a headache of massive proportions will be created once testing begins. What do you