Resources
Here’s what we’re thinking about, writing about, and reading about.
We hope you find it helpful.
Written by us

You’ve completed your SOC 2 report. That first-time report can be a lot of work, and it’s worth celebrating while you hang the new AICPA logo on the website. So what’s next?


Check out our SOC Report FAQs written by ChatGPT and edited by MJD auditors.


We get asked a lot about whether penetration testing is required to complete a SOC 2 report. Our latest article explores this question and more.


In general, all SOC 2 reports must cover the trust services criteria relevant to security, so that is a good place to start.


There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.


During the audit process, we might identify gaps or control exceptions, but our role encompasses much more than that.

Recommended by us

Jemurai talks about the good, bad, and ugly they see around cybersecurity audits.


Echelon Risk + Cyber, in this article, breaks down everything you need to know about the ISO 27001: 2022 updates.


Software Secured shares exactly how penetration testing increases the ROI of your ISO 27001 compliance.

If you have questions or content you’d like to see, email us at info@mjd.cpa.
For more information on SOC report types and usage, please visit the American Institute of Certified Public Accountant's (AICPA) website.