Just in case you get into SOC2 and want to know how to map it to an existing information security implementation, whatever it may be (GDPR, ISO 27001, NIST, ...), check these pages:
- 2017 TSC mapping to ISO 27001
- 2017 TSC mapping to NIST CSF
- 2017 TSC mapping to COBIT5
- 2017 TSC mapping to NIST 800-53
- 2017 TSC mapping to GDPR
These links have nice XLS-format sheets with a bidirectional comparison between the frameworks.
Info on SOC1/SOC2/SOC3
SOC and SOX?
"SOC reports refer to an audit of internal controls to ensure data security, minimal waste, and shareholder confidence; SOX relates to government-issued record keeping and financial information disclosure standards law. In other words, one is about keeping information safe, and the other is about keeping corporations in check."
(braindump article, still in progress)