Debbie Zaller

SOC, Meet Cybersecurity

As global cyberattacks become more common, organizations are fine tuning, or even implementing, a cybersecurity risk management program

What You Need to Know About Changes to the STAR Program

The CSA recently announced that the STAR Program will now allow a one-time, first-year only, Type 1 STAR Attestation report. What is a Type 1 versus Type 2 examination and what are the...

Tell The World: "I've Completed My Audits!!"

5 Simple Steps for Creating an Effective Change Management Program

Identifying changes that must be made is the easy part. Managing those changes successfully—not so simple! Organizations today need to be extraordinary at adapting to or influencing changes in...

How CISOs Can Work With Other Execs to Manage Information Security Risks

Unfortunately, 2015 saw some seriously impressive information security hacks, the likes of which included those at major companies and entities like VTech, T-Mobile, the FBI, and even Trump...

Privacy Principle Undergoes an Overhaul.

The AICPA just released an updated version of TSP Section 100. The update amends TSP Section 100 and supersedes Appendix C of TSP Section 100A, which relates to the Generally Accepted Privacy...

Tips for Creating a Security Whistleblower Strategy

When you hear the word “whistleblower,” do you think business traitor or Good Samaritan? In most company cultures, it tends to be the former, which is unfortunate because more often than not,...

4 Tips for Minimizing Internal Fraud

Your company has internal security measures in place, and it has met many compliance requirements. But do these things mean your business is now immune to fraud? Probably not. Research shows that...

3 Things CEOs Need to Know About Compliance

As CEO of your company, you’ve worked hard to grow the business and ensure success. But there can be a roadblock to future growth of your organization—lack of compliance. This can have several...

Does PCI provide an Attestation of Compliance report?

The result of a compliant PCI DSS assessment is the generation of an Attestation of Compliance (AOC) as well as a Report on Compliance (RoC). The AOC is attesting to the organization’s compliance...

How Compliance Leaders Can Prepare Companies for Audits

Nobody likes a compliance audit, but they serve a necessary purpose in the business world. If an organization is lacking in its adherence to global compliance regulations, there could be serious...

Can An Organization Keep Using The Old TSPs?

My company completes SOC 2 audits annually, and have for the last several years based on the old trust criteria. Our processes and our customer prefer the old criteria. Can we continue to have the...

Segregation of Duties and Compensating Controls

Segregation of Duties, Agile and DevOps development models may create scenarios where traditional SOD is impractical. Can compensating controls be considered for those requirements? Do you have...

Exposure Draft for Updates to the TSP Section 100

The Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA) issued an exposure draft on June 15, 2015, to amend the Trust Services...

Do Most Organizations Attest to TSP's?

Do most organizations attest to all of the TSP's? If not, how do you decide which TSP best suits what's required for your organization?

SOC 2 Type 1 and Type 2: A Quick Overview

Can you provide a quick overview on what a SOC 2 examination snd the difference between a Type 1 and Type 2 report? In early 2011, the AICPA issues its Service Organization Control (SOC) reporting...

SOC Examination: Is there a SOC certification similar to an ISO 27001 certification?

Is there a SOC certification similar to an ISO 27001 certification?

SOC Certification Similar to ISO 27001 Certification?

Is there a SOC certification similar to an ISO 27001 Certification?

SOC 2: Overview

What is a SOC 2 examination? How is it different than a SOC 1 examination?