Sorry but this feels insane to me! If you're a provider of SOC 2 reports, and you allow your auditee to put periodic in their control testing for their SOC 2 Type 2 report. What exactly are you testing as part of that control that it operates in an ad-hoc manner? Am I missing something? I understand firms want to 'de-risk' their reports, but it also removes the value and validity of the control testing. How do you reviewing access quarterly or within 24 hours of a user terminating when your report states you do it periodically? #SOC2 #VendorManagement #AICPA
Steve Schwartz’s Post
More Relevant Posts
-
Well here it is. Kind of.... The SEC has passed a rule that requires Financial Institutions to report incidents impacting investor Personally Identifiable Information (PII) within 30 days of identifying a breach that was impactful to their information. If you are a large financial service firm you have 18 months to implement this. If you're on the smaller size you have 24 months to implement this. As always they mention the importance of policies and making sure that you have a strong incident response plan. #SEC #RegulatoryRequirements #CyberSecurity #BreachNotification https://lnkd.in/eBSJbUCH
-
Feels crazy to read that a Sheriff and part of the DEA task force is distributing narcotics….
James Darrell Hickox, a former Nassau County Deputy Sheriff and DEA Task Force Officer, pleaded guilty to one count of conspiring to distribute narcotics, one count of conspiring to defraud the United States, and one count of tax evasion. #WhatWeDoCounts #FollowTheMoney
Former Deputy Sheriff and DEA Task Force Officer pleads guilty to conspiring to distribute narcotics, defrauding the United States, and tax evasion
IRS Criminal Investigation Tampa Field Office on LinkedIn
-
Most courageous post I have seen on LinkedIn in a while! This is awesome Leslie Barrett!
Customer Marketing Director| Start-up Advisor | Top 50 Next Creator | CMA Influencer | Author
LET THE JOB OFFERS ROLL IN! 😐 While I'm so happy that my little girl is almost here, the job search has been pretty hard. Y'all ask me "how do you not have a job yet?" Welp, I feel the need to be honest once I get offers. If they can't accommodate to my situation, then I have to pass. Getting laid off while expanding your family is unlike anything I have ever experienced. The sadness is intense. Everything is amplified. I know posting this will NOT get me closer to a full time gig 😑 but perhaps it's a chance to say this: "Yes, I'm very pregnant – and yes, I'm eager to contribute to a team that values foresight, planning, and my unique strengths that come from life experiences. Companies should plan and invest in the right talent for future success. In other news, I'm getting closer to the launch of my own online business. I'd be a fool not to at this point. Feel free to send this to anyone that is in a similar situation for a little pick me up. We got this! #customermarketing #opentowork #buildingsomethingnew
-
-
I love this for NJCU Adult and Continuing Education and Sandy Guerrero! Congratulations!!!!
Today, I had the opportunity to meet and congratulate Sandy Guerrero, who is the first-ever National Collegiate Women's Wrestling Championship (NCWWC)/NCAA Individual Champion in the history of the State of New Jersey! Yes, she is from our very own NJCU!! Please join me in congratulating Sandy! #intentions #AngelaVMcKnight #LegislateEducateEmpower
-
Director at Design Compliance and Security, LLC
1moIs this based on a report you've read or is a firm not letting you do it? Management defines the controls, the auditor determined whether the controls meet the criteria. If it's a report you're reading, then it means the auditor thinks the ad-hoc design is adequate to meet the criteria. With the direction I've seen with SOC 2 report quality over the past few years due to the VC fueled race to the bottom, I've been rejecting more reports than ever when reviewing for clients...