SOC 2 Academy: Change Management Best Practices

Author: kirkpatrickprice00

Description: Learn more at

When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 8.1 says, “The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.” How can organizations be sure that they’re complying with this criterion? Let’s discuss some change management best practices that organizations should be following.
During a SOC 2 audit, it’s especially important that organizations can demonstrate to their auditors that they have an effective change management system in place. Why? Change management systems provide organizations with policies and procedures for making updates to their IT infrastructure, which in turn helps mitigate the potential for overlooking any new vulnerabilities or risks created while changes are taking place. In the past, we’ve seen organizations use a variety of different change management systems, from simple forms to elaborate ticketing systems. Whichever way an organization chooses to implement their change management system though, they should end up with a database that allows them to review all of the changes that have been made at their organization, who authorized them, and who implemented them.

Stay Connected

More Free Resources
White Papers:

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice:
Contact us today: 800-770-2701