• Does My Company Need Security Awareness Training? (8/15/2017) - What Is It? Security Awareness Training is a tool used to help your employees understand the myriad of nefarious attacks that they (or their company) could be subjected to while doing business on a day-to-day basis. Basically, you're trying to make your employees aware of security. I think it's important to note that security, used in this instance, can relate to: Administrative - Are policies and procedures written for all important business processes, and are they reviewed annually? Are all regulatory and governmental requirements met where necessary? Physical and Environmental - Are the building, its inhabitants and the assets within… Continue Reading
  • Do we really need a SOC 1 or 2 report? (5/16/2017) - The most common reason for a company to have a SOC report is because their customers ask for (or demand) the report to be able to either do business or continue doing business with the company. When someone calls us for the first time, we will first gain an understanding about why they feel like they need a report and we will attempt to understand why their customer is asking them to have the audit performed. In some cases, their customer is simply asking for something from a checklist without understanding whether it is actually needed or not. Once we… Continue Reading
  • How to select a Type 1 or Type 2 SOC Report (5/9/2017) - Type 1 or Type 2? One of the many confusing things about getting a SOC audit for your business is deciding which would best help you meet your customers' needs. Due to confusing naming conventions, you get to pick from a confusing number of options with the most popular being: "SOC 1 Type 1", "SOC 1 Type 2", "SOC 2 Type 1" or "SOC 2 Type 2". For purposes of this post, we will discuss the "Type" only. For SOC reports, the "Type" of the report only tells you the time period that the service organization's controls were audited and no more. Type… Continue Reading