Resources

How do the value creation principles of subjective value, entrepreneurship and creativity apply in a highly technical rules-based environment like SOC Compliance audits. These are objective validations of data security measures based on customer-defined criteria similar to traditional financial audits but more specific and subjective.

March 28, 2024 - Family Businesses 2 Wayne Elliott and Security Audits Mike DeKock - School for Startups Radio Entrepreneur Podcast - Learn to be a low risk entrepreneur!

A System and Organization Controls 2 (SOC 2) report shows how compliance can continuously improve an organization and add value.

We get asked a lot about whether penetration testing is required to complete a SOC 2 report. Our latest article explores this question and more.

There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.

During the audit process, we might identify gaps or control exceptions, but our role encompasses much more than that. 

Jemurai talks about the good, bad, and ugly they see around cybersecurity audits.