by Chris Dorr | Apr 16, 2019 | Third Party Risk Management
Editor’s Note: This post was originally published in April 2017. It has been updated to reflect the name change from AUP to SCA. A Standardized Control Assessment document (formerly known as an Agreed Upon Procedures document) is a great tool for third-party risk... by Kevin Hermosura | Apr 5, 2019 | Third Party Risk Management
When it comes to vendor risk management questionnaires, less can definitely be more. In this post, I’ll share three value-add tips on why and how to streamline your vendor review process and reduce the length of your questionnaires while maintaining a high level of... by Aurore Watts | Feb 28, 2019 | InfoSec Strategies
The new SOC 2 Trust Services Criteria (TSC), which the AICPA updated back in April 2017, are now required for SOC 2 reports as of December 15, 2018. These updates reflect the biggest change to the SOC 2 criteria to date. Key Changes New “buckets” parallel... by Jeremy Sporn | Jan 9, 2018 | ISMS Consulting
The SaaS model depends on trust. As a SaaS provider, are potential customers confident they can trust you with their data? Despite massive and growing investments in cloud applications and services, a recent McAfee study on the state of cloud adoption and security... by Chris Dorr | Aug 12, 2016 | Third Party Risk Management
“The Bourne Ultimatum,” by Robert Ludlum. “The Hunt for Red October,” by Tom Clancy. “SOC 2 – Type II Service Auditor’s Report,” by Random & Random, CPA. One of these things is not like the others. SOC 2 reports...
