-
Technology Service Providers and the new SOC reports
What do all of the 2012 changes to the IT Examination Handbooks have in common? They are all, directly or indirectly, related to vendor management. I had previously identified vendor management as a leading candidate for increased regulatory scrutiny in 2012, and boy was it. (Not all of my 2012 predictions fared as well, I’ll […]
-
5 Keys to Understanding a SOC 2 Report
Although I have written about these relatively new reports frequently, and for some time now, it still remains a topic of great interest to financial institutions. Fully 20% of all searches on this site over the past 6 months include the terms “SOC” or “SOC 2”, or “SAS 70”. Some of this increased interest comes […]
-
SOC 2 vs. SAS 70 – 5 reasons to embrace the change
The SOC 2 and SOC 3 audit guides have recently been released by the AICPA, and the SAS 70 phase-out becomes effective tomorrow. The more I learn about these new reports the more I like them. First of all, as a service provider to financial institutions we will have to prepare for this engagement (just […]