Entries by Noah Rosenberg

Solve your SOC 2 Anxiety

Getting a SOC 2 report and examination is only part of the battle, keeping up with your stated obligations and consistent re-examination means your company has to live a SOC 2 life.  Throughout the year testing, reviewing, and revising controls can take up a substantial portion of time and attention.  Utilizing Excel spreadsheets, PDFs, and […]

Broker Dealers and Broken Controls

Managing a financial advisory or brokerage firm is no small task; from finding clients, to advising the ones you already have, and everything in-between, compliance and governance can be a necessary burden.  While going through the vast regulations that shape the industry, the specific tasks of testing, preserving and repeating, are often asked.  Most firms […]

Is your firm ready for the change in Regulation BI (Best Interest)?

In June 2019 the United States SEC put forth changes in the way broker dealers and investment advisors deal with their customers, creating a fiduciary responsibility, and clear reporting of how your firm might be earning money from services and products provided to your clients.  These changes, while good for consumers, have created a regulatory […]

Three Business Continuity Tenants to Live By

1. Business Continuity is not just a matter of keeping your software up and running As a company keeping your application, services, or products alive for your clients is the most important service you provide. That follow through, on availability and capacity, is not just expected by your clients, it can quickly end your company […]

Cybersecurity Maturity Model Certification (CMMC) Audits Made Easy

Recently the US Federal Government announced plans to impose a cybersecurity audit and certificate program referred to as the Cybersecurity Maturity Model Certification (CMMC), which will be used as a standard requirement for all firms dealing with DoD data.  The CMMC closely follows established frameworks pulling heavily from the NIST CMF and 800-171 publications.  The […]

Incident Reporting in the Modern Age

As web-based applications started to gain steam bugs, issues, and upgrades became a discussion point around best practices to document and distribute this vital information. With more and more sophisticated ways to streamline communication, release timelines, and as a snapshot of the backlog your team needs to complete, the usefulness of the applications started to […]

SOC 2 for Companies vs CPA Firms

SOC 2 reports are becoming ubiquitous for businesses in the B2B market, creating a shared confidence that best business practices are followed and systems are developed with security and data privacy in mind.  StrunkAccess GRC provides a unique SOC 2 experience, and through our conversations with clients we have seen that predictably CPA firms have […]

Take The Scary Out of Your SOC2 Exam

SOC 2 examinations can be scary and complicated, taking up extended amounts of your employees‘ and stakeholders‘ time. Changes to the AICPA framework can throw your SOC 2 exam into a tailspin, if you discover you don’t have policies and controls to address the newer principles. Utilizing a patchwork of spreadsheets, word docs and PDFs […]

Report from AICPA Vegas

Recently I had the pleasure of attending the AICPA conference in Las Vegas Nevada, where I was able to connect with some of the most interesting companies in the accounting and auditing space. I was able to learn about products from companies like Peerview Data, which specializes in “turning client data into actionable insights” and […]

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.