SOC 1 reports can be confusing. There can be multiple types, some reports have fourth parties involved, you may have the right vendor but wrong report, you may be trying to determine what the [...]
ISO certifications, specifically ISO/IEC 27001:2013, will inform you on a vendor’s information security. They’re a great indicator of internal process maturity at an organization. The result of [...]
We had SAS 70, then SSAE 16... now we have the SSAE 18. SSAE 18 is a little different, so we’ve outlined some key points for you below to assist with your understanding.
You're required to collect SOC Reports on your vendors. So, once you've determined which SOC report you need, make the request and receive it back...what's the next step? We'll explain now.
As tiring as it may sound, training is still the most important risk mitigation factor in reducing the number of insider threats. Insider threats originate either through the vulnerability of [...]