-
Service Providers – How to manage a SSAE 16/SOC 1/SOC 2/SOC 3 Review
m
-
User Organizations – How to read a SSAE 16/SOC 1/SOC 2/SOC 3 Report
m
-
CPA Firms – How to perform an SSAE 16/SOC 1/SOC 2/SOC 3 Engagement
m
The System and Organization Controls (SOC) 2 Report will be performed in accordance with AT-C 205 (formerly under AT-101) and based upon the Trust Services Principles, with the ability to
User access reviews are a critical control in almost any IT control framework because they help ensure that users have the appropriate level of access to sensitive data and systems.
The SOC 3 Report , just like SOC 2, is based upon the Trust Service Principles and performed under AT101, the difference being that a SOC 3 Report can be
Another series we will have periodic posts about will be related to potential controls that would be expected to be in place, almost regardless of the entity in question. This
There are significant differences between a Type I and Type II report, however, we aren’t going to discuss that here, thats for another day. We will discuss the basics of
Some organizations have heard of SAS 70, SSAE 16, and now SSAE 18, but, haven’t seen the value, other than because one of their customer require it. Truth is, that’s