SANS put together a great overview of SOC 2 terminology, report structure breakdown, and process in their signature cheat sheet format. This is a great document to keep handy if you are an auditor, executive, sales person, or whomever that may have to come in contact with a SOC 2 at some point in time. This is slightly outdated as of the Fall 2022 refresh of the SOC 2 but still a very handy item! Click here to download the sheet in PDF
SOC Reporting Guide
So you have been performing a SAS 70 for the last couple years, or, are getting ready prepared to embark on your first SAS 70, and all of a sudden
SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70. The changes made to the standard will bring your company, and
SSAE 22 was issued a couple years ago, back in December 2020, to supersede AT-C section 210 with three primary changes: Description of the procedures a practitioner may perform in
User access reviews are a critical control in almost any IT control framework because they help ensure that users have the appropriate level of access to sensitive data and systems.
I’ve been hearing from various people in the marketplace that they were interested in learning about some steps, at a high level, that they need to take to get off
SSAE 16 was built upon the ISAE 3402 framework, which essentially is the same thing, but accepted at an international level with a number of deviations to be discussed here