SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70. The changes made to the standard
SOC 2 – CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of
SSAE 22 was issued a couple years ago, back in December 2020, to supersede AT-C section 210 with three primary changes, apply to both SOC 1 and SOC 2: Description of the procedures a practitioner may
Unlock your understanding of SOC 2 with this cheat sheet by SANS. Ideal for auditors, executives, and sales professionals. Download now
User access reviews are a critical control in almost any IT control framework because they help ensure that users have the appropriate level of access to sensitive data and systems. Without integrity of system access how
A SSAE 18 / SOC 1 Type I Report shows Company’s that your Organization has appropriate controls designed and in place as of the date the report is issued. It does not provide assurance that controls
Some organizations have heard of SAS 70, SSAE 16, and soon to be SSAE 18, but, don’t really know WHY they need to pay to have a bunch of auditors trounce through their company for a
This tip is focused on designing controls that reflect the process being testing, if they don’t, a headache of massive proportions will be created once testing begins. What do you do to make sure you don’t
The System and Organization Controls (SOC) 2 Report will be performed in accordance with AT-C 205 (formerly under AT-101) and based upon the Trust Services Principles, with the ability to test and report on the design