What is SOC 2 System Operations (CC7)? Organizations are responsible for managing the operation of their systems, which means they need to continuously work to detect, prevent, and address any security issues that may impact their business. Staying on top of monitoring security protocols, preventing and responding to security incidents, and having a plan of …
SOC 2 CC7: Common Criteria related to System Operations Read More »
What is SOC 2 Logical and Physical Access (CC6)? Organizations are responsible for controlling logical and physical access to their protected information by using appropriate security software,infrastructure, and architectures. Implementing and maintaining these necessary controls will protect your company’s valuable data and prevent unwanted security events. It will also help you meet the requirements outlined …
SOC 2 CC6: Common Criteria related to Logical and Physical Access Read More »
What Is the SOC 2 Control Environment (CC1)? Out of the Common Criteria, the Control Environment (also known as CC1), addresses several entity level controls that are expected to be in place across the Company. Much like the Common Criteria 2 through 5, CC1 is based upon COSO and borrows from its requirements to use …
SOC 2 CC1: Common Criteria related to the Control Environment Read More »
Have you ever been asked by a client for a bridge letter? Have you received one from a vendor, and you’re curious as to what it means? Is it an official document, or can anyone write and issue one? Read on to find out! What is a Bridge Letter? A bridge letter, also known as …
The most common reason for a company to have a SOC report is because their customers ask for (or demand) the report to be able to either do business or continue doing business with the company. When someone calls us for the first time, we will first gain an understanding about why they feel like …
Type 1 or Type 2? One of the many confusing things about getting a SOC audit for your business is deciding which would best help you meet your customers’ needs. Due to confusing naming conventions, you get to pick from a confusing number of options with the most popular being: “SOC 1 Type 1”, “SOC 1 Type …
