FAQ

What is the SOC 2 Common Criteria List?

The SOC 2 Common Criteria List refers to the set of criteria and principles that service organizations must adhere to and demonstrate compliance with in order to achieve SOC 2 (System and Or ...
October 31, 2023
FAQ

What is Evidence Collection in Compliance?

Evidence collection is the act of documenting an organization’s compliance processes and outcomes. Evidence collection is one of the best methods an organization can use to demonstrate tha ...
October 31, 2023
FAQ

What Are the PCI Audit Requirements?

If your organization is mandated to pass an on-site audit and submit a Report on Compliance under the Payment Card Industry Data Security Standard (PCI DSS), there are certain requirements t ...
October 31, 2023
FAQ

How Frequently Should You Audit for SOC 2?

After your first System and Organization Controls for Service Organizations 2 (SOC 2) report, you’ll most likely want to follow up every year with a new audit and report. But you can ...
October 31, 2023
FAQ

What Is a SOC 2 Audit?

A System and Organization Controls for Service Organizations 2 (SOC 2) audit assesses how well a service provider’s internal controls and practices safeguard customer data’s privacy and ...
October 31, 2023
FAQ

SOC 1 vs SOC 2: What’s the Difference?

SOC audits — the acronym for “Systems and Organization Controls” — assure the effectiveness of internal controls at service organizations such as advisory firms, technology vendors, ...
October 31, 2023
FAQ

What are Internal Controls for Cash?

When determining your organization's risk management and security policies, establishing internal controls is a crucial part of the process. Internal control procedures help protect your org ...
October 31, 2023
FAQ

What is HIPAA Compliance?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires healthcare organizations to protect sensitive patient health information or Protected H ...
October 31, 2023
FAQ

What is PCI Compliance Level 1?

The Payment Card Industry Data Security Standard (PCI DSS) was enacted in 2004 to assure that all businesses that accept, handle, store, or transfer credit card information operate securely. ...
October 31, 2023
FAQ

Do I Need a SOC 2 Report?

If your enterprise is a service provider that handles customer data, it should have a System and Organization Controls for Service Organizations 2 (SOC 2) report attesting to its SOC 2 com ...
October 31, 2023
FAQ

What Are the Steps of an Audit?

Audits are a critical internal audit process for businesses and organizations to ensure compliance, manage risk, and validate that your business follows processes and procedures correctly. B ...
October 31, 2023
FAQ

What is a PCI Readiness Assessment?

A Payment Card Industry Data Security Standard (PCI DSS) readiness assessment helps an organization evaluate if it is prepared for a full PCI DSS validation audit or Self-Assessment Question ...
October 31, 2023