Menu
SOC Reporting Guide
User access reviews are a critical control in almost any IT control framework because they help ensure that users have the appropriate level of access to sensitive data and systems.
SOC 2 – CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes,
The first difference between the SSAE 16 and ISAE 3402 Standards is that SSAE 16 requires the service auditor to assess the risk associated with potential “Intentional Acts by Service
Another series we will have periodic posts about will be related to potential controls that would be expected to be in place, almost regardless of the entity in question. This
There are significant differences between a Type I and Type II report, however, we aren’t going to discuss that here, thats for another day. We will discuss the basics of
When performing a SSAE 16 Review, you will be inundated with various terms that you may have never heard of before. We plan on continuing with a serious of posts