Our Thoughts On

Sort by


Timothy Wolfgang

Articles 1 - 8 of 8

Five Questions to Assist With Identifying SOC Report Scope

The SOC reporting process can start with an organization’s desire to communicate to customers and potential customers that the organization’s

FDIC Information Technology Risk Examination (InTREx) Program Overview

The FDIC’s Information Technology Risk Examination (InTREx) Program is its current information technology and IT operations examination procedures.

How to Decide if a Type 1 or Type 2 SOC Report is Right for Your Organization

In a previous article, we described the differences between SOC 1 reports and SOC 2 reports. Once an organization decides to pursue a SOC 1 or SOC 2 report,

Inclusive or Carve-Out: How Subservice Organizations Are Presented in SOC Reports

Service organizations typically use subservice organizations (i.e. third parties) to perform key controls that are necessary, in combination with the controls

Register to receive our weekly newsletter with our most recent columns and insights.

SOC Reporting: Vendor or Subservice Organization?

Many service organizations outsource functions of their business to third-party organizations (vendors). The functions performed by vendors may impact

Bitcoin Technology Making Inroads in the Financial Industry via Blockchain

The meteoric rise of Bitcoin value over the past few months has garnered a lot of interest in the cryptocurrency. However, another aspect of the underlying

SOC Readiness Assessment-Practice Makes Perfect

Is obtaining a Service Organization Control (SOC) 1, SOC 2 or SOC 2 (Plus) report on your organization’s to-do list? If the answer to that question

Healthcare Organizations Can Implement the NIST Cybersecurity Framework with HITRUST

Healthcare organizations face growing challenges in regards to protecting their patient information. Recent studies found that the healthcare sector had

Register to receive our weekly newsletter with our most recent columns and insights.