(270) 506-5140 CONTACT US
Login

Venminder Blog

Dec 31, 1969 by

SOC Reports

What to Know About SSAE 18 for Your Vendor Management

Jun 5, 2019

We had SAS 70, then SSAE 16... now we have the SSAE 18. SSAE 18 is a little different, so we’ve outlined some key points for you below to assist with your understanding.

Read More

SOC Reports

Risk of Not Reviewing Your Vendor's SOC Report

May 15, 2019

Reviewing each vendor’s SOC (System and Organization Controls) report is a critical due diligence step and is vital in the initial vendor selection stage and the ongoing monitoring stage. SOC [...]

Read More

SOC Reports

Vendor SOC 1, 2 or 3 – Understanding the Differences

Feb 12, 2019

If you’re a regulated organization, you likely already understand that you should be asking many of your vendors for a SOC reportespecially your critical or high risk vendors.  

Read More

SOC Reports

Red Flags in Critical Vendor SOC Reports

Oct 17, 2018

When you begin your initial due diligence or regular monitoring of a vendor, one of the first things to do is to request all their SOC reports. You also need to ask for the SOC reports for any [...]

Read More

SOC Reports

What's the Significance of a Vendor's Bridge Letter?

Oct 16, 2018

A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]

Read More

SOC Reports

How, Why and When to Request a SOC Report from Your Vendors

Oct 10, 2018

Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]

Read More

SOC Reports

Experienced Auditor's Perspective on Vendor Cybersecurity, SOC Reports and Best Practices

Oct 8, 2018

Recently, as part of our Venminder Thought Leadership series, I had the opportunity to speak with Mike Morris at Porter Keadle Moore (PKM). In this series we speak with the industry’s sought-after [...]

Read More

SOC Reports

Why and When You Look at a Fourth Party’s SOC Report

Aug 29, 2018

Some say that your business is only as good as your employees. The same can be said for your vendors, as they are only as good as their vendor (your fourth party). A fourth party vendor is your [...]

Read More

SOC Reports

Vendor SOC Report Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

SOC Reports

6 Things to Do with a Vendor SOC Report Once You Have it

Aug 2, 2017

You're required to collect SOC Reports on your vendors. So, once you've determined which SOC report you need, make the request and receive it back...what's the next step? We'll explain now. 

Read More

SOC Reports

SSAE 18 Now In Effect

May 3, 2017

With it being the first week of May, there's an important reminder to point out to the financial industry regarding SOC reports for vendor management. As of Mon, May 1, SSAE 18 is now in effect.

Read More

SOC Reports

The Finer Points Of A SOC 2

Aug 11, 2015

In review, a SOC 1 report reviews financial and audit controls of a vendor. Basically a SOC 1 tells you if your vendor manages their books well (or not). But is it the right report for you? Does [...]

Read More

SOC Reports

6 Tips to Understanding a SOC 1 Report

Jul 24, 2015

Let’s start with a basic description of a SOC 1 report. A SOC 1 describes the system of internal controls in place at a service organization regarding internal controls over financial reporting.  [...]

Read More

Written by

Follow
Subscribe--Bg.jpg

Subscribe to the Venminder Blog