Here’s what we’re thinking about, writing about, and reading about.
We hope you find it helpful.
Written by us
You’ve completed your SOC 2 report. That first-time report can be a lot of work, and it’s worth celebrating while you hang the new AICPA logo on the website. So what’s next?
Check out our SOC Report FAQs written by ChatGPT and edited by MJD auditors.
We get asked a lot about whether penetration testing is required to complete a SOC 2 report. Our latest article explores this question and more.
In general, all SOC 2 reports must cover the trust services criteria relevant to security, so that is a good place to start.
There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.
During the audit process, we might identify gaps or control exceptions, but our role encompasses much more than that.
Recommended by us
Jemurai talks about the good, bad, and ugly they see around cybersecurity audits.
Echelon Risk + Cyber, in this article, breaks down everything you need to know about the ISO 27001: 2022 updates.
Software Secured shares exactly how penetration testing increases the ROI of your ISO 27001 compliance.