SOC 2 CC9: Common Criteria related to Risk Mitigation by David Schroth SOC 2 CC8: Common Criteria related to Change Management by David Schroth SOC 2 CC7: Common Criteria related to System Operations by David Schroth SOC 2 CC6: Common Criteria related to Logical and Physical Access by David Schroth SOC 2 CC5: Common Criteria related to Control Activities by Adam Fowler SOC 2 CC4: Common Criteria related to Monitoring Activities by Adam Fowler SOC 2 CC3: Common Criteria related to Risk Assessment by Adam Fowler SOC 2 CC2: Common Criteria related to Communication and Information by Adam Fowler SOC 2 CC1: Common Criteria related to the Control Environment by David Schroth Third Party Vendor Management: What You Need to Know by Adam Fowler SOC 1 vs. SOC 2: What is the Difference? by Adam Fowler Explained: Security Incident Response Plan by Adam Fowler Bridge Letter: Things You Should Know by David Schroth Explained: Microsoft’s SSPA Program by Gary Gaboury Does My Company Need Security Awareness Training? by Adam Fowler Do I Really Need a SOC 1 or 2 Report? by David Schroth How to select a Type 1 or Type 2 SOC Report by David Schroth
