SOC 2 Type 1

Brian Johnson
Contributor

Physical Facility Access Policy Best Practices | A SOC 2 Primer

August 12, 2019

Physical security is not just a concern for large companies. A small business also needs an established physical security policy to protect their physical assets and provide their employees with a sense of protection and safety. In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities. Here are five practices for writing

Read more

How To Prepare For Your First SOC 2 Audit A 30-90-120 Day Plan

April 17, 2019

Despite thousands of articles, there's shockingly little actionable advice to help startups complete SOC 2. When you don't have dedicated compliance teams or six figure budgets, we set out to answer: When to pull the trigger on SOC 2. Who needs to be involved in prep work & what tasks can/can not be delegated. How to narrow the scope and

Read more
Brian Johnson
Contributor

SOC 1 vs SOC 2 | When Is The Right Time To Pursue SOC 2?

January 31, 2019

Confusing SOC 1 and SOC 2 is easy. While both compliance frameworks attest to the controls used within your organization, the frameworks differ in focus. SOC 1 looks at your organization’s financial reporting, while SOC 2 focuses on how you secure and protect customer data. This blog post will focus on exploring the differences between SOC 1 and SOC 2.

Read more
Brian Johnson
Contributor

What’s Included in a SOC 2 Report: A Breakdown

December 3, 2018

A SOC 2 report (Service Organization Control report 2) focuses on the controls a company uses to protect customer data, as well as the operational effectiveness of those controls. A SOC 2 report should not be confused with a SOC 1 report, which focuses on a company’s financial reporting, nor should it be confused with a SOC 3 report, which

Read more
Brian Johnson
Contributor

What Is SOC 2 Type 2 | A Guide To Complete Your First Type 2 Audit

November 1, 2018

There are several different levels of SOC (Service Organization Control) reports and types, so it is easy to get them confused. A SOC 2 Type 1 report looks at an organization’s controls at a point in time concerning its clients’ financial reporting. The SOC 2 Type 2 report measures those same controls over a more extended period. SOC 2 Type

Read more