Discussions, questions, and answers around SOC 2.
- 3 Topics
- 2 Replies
Our cybersecurity compliance expert @Troy_Fine shared on LinkedIn a great post about the different aspects that can impact your experience during an audit, and we wanted to be sure you all didn’t miss it. Some may not be aware, but your experience during an information security audit such as SOC 2, ISO 27001, PCI, HITRUST, and CMMC can be significantly influenced by the following:
- Auditor Rigor: Some standards make the rigor more consistent, but SOC2 and ISO 27001 give the auditor/certification body much more leeway. Not all auditors will require the same amount/type of evidence to conclude on a control/requirement being met.
- Auditor Sample Size Methodology: Standards typically allow auditors to determine the sample size for testing controls based on their own internally developed methodology. This methodology could cause you to have to provide more samples from one firm to another.
- Auditor Competency: Your auditor may not understand your technology, especially when it comes to the cl
Hi all, and welcome to Secured! We are excited that you are here and interested in learning more about the SOC 2 process. To kick our community off and set you off on the right path, one of our compliance experts, Troy Fine, created a new series that highlights some of the most basic information that you’ll want to know prior to getting started. You can check out all five episodes on our Compliance 101 blog here. Have questions? Feel free to start new threads in this part of the community.