Our Thoughts On

Sort by

Categories
Authors

Risk Advisory/Internal Audit

Articles 51 - 60 of 100

What Are Complementary Subservice Organization Controls And How Do They Impact SOC Reports?

Service organizations typically outsource functions such as data center hosting or transaction processing, to outside vendors, referred to as subservice

The IT Security Superhero's Guide to Good Cyber Hygiene

“Move along folks, nothing to see here!” is what I imagine stressed-out IT security crusaders worldwide murmur every night in their sleep.

Inclusive or Carve-Out: How Subservice Organizations Are Presented in SOC Reports

Service organizations typically use subservice organizations (i.e. third parties) to perform key controls that are necessary, in combination with the controls

SOC Reporting: Vendor or Subservice Organization?

Many service organizations outsource functions of their business to third-party organizations (vendors). The functions performed by vendors may impact

Register to receive our weekly newsletter with our most recent columns and insights.

The Rise of Business Email Compromise Scams

The Rise of Business Email Compromise Scams Business Email Compromise – or BEC – is an increasingly common scam targeting U.S. and European

GDPR or Naught

Over the past few weeks, there have been multiple major news stories regarding data security, but one that affects over 85 million individuals is Facebook

How to Address a Modified Opinion in your SOC Report

In the event that a user obtains a System and Organization Controls (SOC) Report and sees that the service auditor has modified their opinion in some way,

One Month Away: Should You Be Preparing for GDPR?

We’re now less than a month away from the beginning of the European Union’s enforcement of the General Data Protection Regulation (GDPR), effective

Register to receive our weekly newsletter with our most recent columns and insights.

What do user entities expect to be in your SOC Report?

When a service organization engages a service auditor to perform a System and Organization Controls (SOC) report examination, it is important to note that

The Second Line of Defense: An Overview

Risk management in any organization can be complex and difficult. Many companies address the complexity by adding layers of audit and governance, and when

Register to receive our weekly newsletter with our most recent columns and insights.