Penetration Testing: Why It’s Important + Common Types

We get asked a lot about whether penetration testing is required to complete a SOC 2 report. Our latest article explores this question and more.

How do the value creation principles of subjective value, entrepreneurship and creativity apply in a highly technical rules-based environment like SOC Compliance audits. These are objective validations of data security measures based on customer-defined criteria similar to traditional financial audits but more specific and subjective.

Interviewing auditors is a necessary step in the process as you begin your SOC exam. Here we outline some questions and considerations to help you along the way.