SOC 2 Confidentiality Policy Best Practices | SOC 2 School

Your SOC 2 confidentiality policy defines procedures to handle confidential information about clients, partners, and the company. Clients and partners expect you to keep their data secure and a confidentiality policy will demand this same expectation of your employees. Here are best practices Here are best practices to consider when writing your confidentiality policy: Answer this question: “What is confidential in your business?” Confidential data is any information that would cause reputational and/or financial harm if it was exposed outside of your organization.  Examples of confidential data are financial reports, customer databases, passwords, CRMs, lists of prospective customers, business strategies and other intellectual property. Confidentiality can sometimes be confused with privacy, but they mean very different things from a legal standpoint. In the context of a SOC 2 confidentiality policy, confidentiality focuses on personal information shared with a trusted advisor, such as a lawyer or therapist. This information generally cannot be

Read more

How To Stay SOC 2 Compliant | Advice For This Year’s Audit

Title page of guide to stay SOC 2 compliant

It’s safe to say that not many service providers look forward to soc 2 compliance. I'd guess not many of you have the AICPA on speed dial. Whether you're preparing for a Type 1 or Type 2, audits may be perceived as events that you prepare for and complete, but then eventually they go away - at least for a while. To stay SOC 2 compliant we suggest a paradigm shift. Treat compliance as a continuous process rather than a point-in-time event.  Unlike taxes, there is no 'audit-season.' Here are some tips for always being prepared for your next audit. Embrace the idea that policies and procedures evolve After spending considerable time getting your policies and procedures just right to address the trust services principles, it’s tempting to step back and say, “Good, we finally have all this great documentation, now let's not touch it again until we absolutely have

Read more

What Is SOC 2 Type 2 | A Guide To Complete Your First Type 2 Audit

Cover Image For Guide To Complete SOC 2 Type 2

There are several different levels of SOC (Service Organization Control) reports and types, so it is easy to get them confused. A SOC 2 Type 1 report looks at an organization’s controls at a point in time concerning its clients’ financial reporting. The SOC 2 Type 2 report measures those same controls over a more extended period. SOC 2 Type 1 builds on the reporting basis of SOC 1 but focuses on security controls rather than financial controls. The SOC 2 type 2 examines the effectiveness of those controls over a six-month period. There is also a SOC 3 report, which is essentially the same data found in a SOC 2 but written for public consumption. This blog will focus on outlining the path to SOC 2 Type 2. Starting your SOC 2 planning? Learn how strongDM makes SOC 2 compliance easy.  What Is A SOC 2 Report Although SOC

Read more

How To Speed Up A SOC 2 Report | A Guide To Narrow SOC 2 Scope

Woman seated at laptop sharing advice on how to speed up a SOC 2 report

One of the most critical steps is selecting members to lead the initiative. Many organizations start planning for SOC 2 thinking they can delegate responsibilities solely to members of the IT and information security staff. And although members of those teams will play a big part in the process, your core SOC 2 team will also include HR, legal and other business units as well. This blog will help you understand your core SOC 2 team and how to build it.

Read more

SOC2 Team | Learn To Define Roles & Responsibilities

One of the most critical steps is selecting members to lead the initiative. Many organizations start planning for SOC 2 thinking they can delegate responsibilities solely to members of the IT and information security staff. And although members of those teams will play a big part in the process, your core SOC 2 team will also include HR, legal and other business units as well. This blog will help you understand your core SOC 2 team and how to build it.

Read more