FDIC Information Technology Risk Examination (InTREx) Program Overview
The FDIC’s Information Technology Risk Examination (InTREx) Program is its current information technology and IT operations examination procedures.
How to Decide if a Type 1 or Type 2 SOC Report is Right for Your Organization
In a previous article, we described the differences between SOC 1 reports and SOC 2 reports. Once an organization decides to pursue a SOC 1 or SOC 2 report,
Inclusive or Carve-Out: How Subservice Organizations Are Presented in SOC Reports
Service organizations typically use subservice organizations (i.e. third parties) to perform key controls that are necessary, in combination with the controls
SOC Reporting: Vendor or Subservice Organization?
Many service organizations outsource functions of their business to third-party organizations (vendors). The functions performed by vendors may impact