SOC 2 Mythbusters
Other content in this Stream
SOC for Supply Chain - Eliminating the Blind Spot
Eliminating the blind spot within vendor and supply chain risk management
How to Maximize your SOC Report
SOC reports don’t have to be "routine"—maximize your report's value using the SHARPE method. Schellman Director Rob Tylka provides an overview
SOC for Supply Chain
EnergyTech Insights (Part 2): Cybersecurity Risk Management in the Energy Services World
In Part 2 of our EnergyTech series, Schellman's Grayson Taylor discusses the proactive approaches energy services entities (ESEs) are taking to manage cybersecurity risk and data protection.
Cue Internal Audit – Stage Right
The secret to a flawless, stress-free SOC examination experience? Utilizing your company's internal audit team. Schellman's Edward Delgado provides an overview of this invaluable resource.
SOC for Supply Chain
COVID-19 and SSAE 18
COVID-19 and SSAE 18: What Does This Mean for Your SOC Preparedness
Hopefully this writing finds you well and adjusting to perhaps the most serious health-related situation in many a lifetime. Perhaps it may find you contemplating preparedness in specific ways.
SOC 2 and ISO 27001: Compliance in Harmony
Risk Assessment Requirements for SOC Reporting
SOCratic Method: SOC 1, SOC 2, and SOC 3
SOC 2: Should I Merge?
A Buck For Your Thoughts - Episode 002
Utilizing SOC Examinations to Help with Vendor Management
You most likely selected the link to this blog to discover one of two things: 1) how to effectively manage vendor requirements via SOC reports or 2) what the SOC 1/SOC 2 examination...
SOC 3 Overview
SOC 2 Overview
SOC 1 Overview
Clearing Up The Confusion - Type 1 vs Type 2 and the Value Proposition
It may come as a bit of a surprise—maybe not—but there are actually two types of SOC reports. Upon examination, the service organization is responsible for specifying whether or not a...
SSAE 18 and Other Famous Acronyms - Encore
As SSAE No. 18 is now effective as of May 1st, organizations and their customers will have uncertainty in what the new standard means and how it will affect their SOC 1 reports.
SOC 2 But Not SOC 2+HITRUST?
Can my organization successfully complete a SOC 2 but still not successfully complete a SOC 2 + HITRUST?
Not A Game of Eeny, Meeny, Miny, Moe: Do Data Centers Need a SOC 1 or SOC 2?
The first question many service organizations have when they begin the process of researching Service Organization Control (SOC) reports is: which SOC report(s) do they need? The American...