15 docs tagged with "security"

Audit Principles and Concepts

There are quite a few auditing principles and concepts that might seem foreign to management or perhaps even an inexperienced service auditor.

Bridge Letters

Your SOC 2 is only valid for a year after your audit. If you’re behind on renewing your SOC 2 report and it has passed the date through which it’s valid, you may need a SOC 2 bridge letter. In this guide, we’ll explain what a SOC 2 bridge letter is and the role it plays in maintaining trust with your customers as you renew your report.

Compliance & Security Glossary

Comprehensive glossary of compliance, security, and GRC terminology including SOC 2, ISO 27001, GDPR, HIPAA, risk management, and audit-related terms and definitions

Conducting a SOC2 Audit

Guide to conducting a SOC 2 audit including communication strategies, audit procedures, documentation requirements, and best practices for successful compliance attestation

FAQ

No, a SOC 2 is not legally required by any organization. However, your customer may require you to obtain one in order to do business with you.

HIPAA Overview

Health Insurance Portability and Accountability Act - Protecting Health Information Privacy and Security

Overview

Comprehensive overview of authentication methods supported by the Openlane platform

Overview

Permissions model and structure within the Openlane platform

Planning and Preparation

The diagram below does not depict every process in an audit; however, it provides a high-level overview of the steps involved in going through a SOC2 audit. Every auditing firm, consultant, and lead implementer will have its own processes and techniques for completing the audit.

Policies

Overview of policies and procedures within Openlane

SOC 2 Overview

Comprehensive guide to SOC 2 compliance including Trust Services Criteria, AICPA framework, implementation timeline, costs, and audit requirements for service organizations

SOC2 Framework Details

You should always refer to the published standard for details regarding the prescribed controls or implementation guidance. At the time of writing, the most current SOC 2 version is the 2017 version with the 2022 revised points of focus. However, for convenience and easier readability, the tables below provide a high-level overview of the common criteria for each Trust Services Criteria (TSC) and the points of focus that should be used as guidance.

Trust Center Overview

Customer-facing portal for demonstrating your security posture and compliance status