Resources

Here’s what we’re thinking about, writing about, and reading about.
We hope you find it helpful.

Article

SOC 2 Surprises SOC 2 Surprises

Written by

Mike, DeKock, CPA, CEO

Apr 4, 2025

In the News

Article

Bridging the Gap: Keys to Embracing AI in 2024 Bridging the Gap: Keys to Embracing AI in 2024

AI is unchartered territory for many companies; however, the more it evolves, the more it becomes clear that AI adds critical business value when used responsibly.

Article

Compliance Doesn't Have to Disrupt Startup Agility - It Can Boost It Compliance Doesn't Have to Disrupt Startup Agility - It Can Boost It

The word "compliance" might make startup founders shudder as they think of onerous, time-consuming processes, but it doesn't have to be that way.

Article

Not Your Typical CPA Firm Not Your Typical CPA Firm

A CEO on a mission to guide companies through the ever-changing world of technology.

Written by us

Article

SOC 2® Reports and Penetration Tests SOC 2® Reports and Penetration Tests

We get asked a lot about whether penetration testing is required to complete a SOC 2 report. Our latest article explores this question and more.

Blog Post

7 min read

What controls are required for SOC 2® reports?What controls are required for SOC 2® reports?

There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.

Blog Post

6 min read

Is the auditor’s role in a SOC 2® audit just to find gaps in our system?Is the auditor’s role in a SOC 2® audit just to find gaps in our system?

During the audit process, we might identify gaps or control exceptions, but our role encompasses much more than that.

Recommended by us

Article

Penetration Testing: Why It’s Important + Common Types Penetration Testing: Why It’s Important + Common Types

Penetration testing simulates an outside attack on your applications and network. Drata shares the types of pen tests and how to conduct one to prevent risk.

Article

How Penetration Testing Increases Your ROI of ISO 27001 Compliance How Penetration Testing Increases Your ROI of ISO 27001 Compliance

Software Secured shares exactly how penetration testing increases the ROI of your ISO 27001 compliance.

Article

ISO/IEC 27001: 2022 - Your Guide to the Updates and How to Get (and Stay) Compliant ISO/IEC 27001: 2022 - Your Guide to the Updates and How to Get (and Stay) Compliant

Echelon Risk + Cyber, in this article, breaks down everything you need to know about the ISO 27001: 2022 updates.

If you have questions or content you’d like to see, email us at info@mjd.cpa.
For more information on SOC report types and usage, please visit the American Institute of Certified Public Accountant's (AICPA) website.