SOC 2 Academy: Mitigating Risks that Lead to Business Disruption

Author: kirkpatrickprice00

Description: Learn more at

It’s inevitable that businesses will encounter some type of security incident. Whether it’s big or small, they’ll need to be prepared. That’s where common criteria 9.1 comes into play. Service organizations committed to delivering secure services will need to demonstrate to their auditor during a SOC 2 audit that they mitigate risks that lead to business disruptions. How can they do that? We suggest two ways: creating a business continuity plan and purchasing insurance.
It’s critical that organizations have a business continuity plan in place in the event of a natural or man-made disaster. What would happen if a power outage, tornado, or data breach hit your organization and you didn’t have a plan in place? How would your organization function in the event of a disaster? Disasters hit when organizations are least expecting them, so establishing and practicing a disaster recovery plan will help organizations comply with common criteria 9.1.
Likewise, purchasing insurance should be a key consideration amongst service providers. If disaster strikes, what would be the financial impact to your business? An organization might have vendors, clients, employees, and other personnel that would be impacted. By purchasing insurance, organizations can be better prepared for when, not if, disaster hits and can effectively mitigate risks that lead to business disruptions.

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice:
Contact us today: 800-770-2701