SSAE 16 vs SSAE 18: Changes to SOC 1 Compliance Audits

by Hannah Grace Holladay / February 28, 2024

In April 2016, the American Institute of Certified Public Accountants (AICPA) made an important update to the attestation standards that will affect your next SOC 1 audit. Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification provides changes to SOC 1 audits and how attestation engagements are categorized. Below, we explore the reason for this change and how the SSAE 18 affects you. What is…

5 Risk Management Best Practices for Organizational Management

by Tori Thurmond / February 27, 2024

Every day, we continuously evaluate risks and decide how to prevent them from adversely impacting us. We foresee the possibility of something happening to our car, hence we buy insurance. We know the statistics of home break-ins, so we set up an alarm system and replace the locks. We see the forecast for rain and bring an umbrella when we leave the house. Similarly, every business organization also has risks…

The 5 Steps of Risk Management

by KirkpatrickPrice / February 26, 2024

Business risks are inevitable: some are chosen deliberately, and others are inherent. Starting a business involves selling products, hiring employees, gathering information, and creating systems. While these steps are crucial for success, they also carry risks. How can a business thrive if it fails to balance risk-taking with risk mitigation? Below, we define and explore the role and steps of risk management.

How to Complete a PCI Audit in 7 Steps

by Hannah Grace Holladay / February 23, 2024

To protect the security of cardholder data, the PCI Security Standards Council requires organizations that work with payment cards to maintain compliance with the PCI DSS. If you’re an entity that stores, processes, or transmits cardholder data, it’s imperative to regularly conduct a PCI audit to ensure compliance. Below, we will define common PCI requirements and discuss the seven steps of conducting a PCI audit. What Is a PCI Audit?…

Notes from the Field: CIS Control 14 – Security Awareness and Skills Training 

by Greg Halpin / March 7, 2024

Security awareness training is something I see companies doing either very well or not at all. It's unfortunate for the companies that don't do much, as a little training goes a very long way. Security awareness training is an investment that more than pays for itself. The more your employees are trained against potential threats and attacks, the safer your company and customer data. The less trained they are, the…