If you’re reading this, you’re likely one of many in the industry who finds the entire concept of SOC (System and Organization Controls) reporting perplexing. Don’t worry. You’re not alone!
Just as the world is constantly changing, so is the world of vendor management. Thankfully, the world of vendor management is changing to improve vendor security and oversight for the better via [...]
The importance of a System and Organization Controls (SOC) report in third party risk management cannot be stressed enough. A SOC report is prepared by an independent auditor, so you can be [...]
We had SAS 70, then SSAE 16... now we have the SSAE 18. SSAE 18 is a little different, so we’ve outlined some key points for you below to assist with your understanding.
If you’re a regulated organization, you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high risk vendors.
A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]
Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]
Recently, as part of our Venminder Thought Leadership series, I had the opportunity to speak with Mike Morris at Porter Keadle Moore (PKM). In this series we speak with the industry’s sought-after [...]
You're required to collect SOC Reports on your vendors. So, once you've determined which SOC report you need, make the request and receive it back...what's the next step? We'll explain now.