by nijave 5 days ago
SOC 2 and ISO 27001 are definitely not accounting audits. Our auditors request policies, procedures, and evidence that we're following the policies and procedures. Oftentimes evidence is screenshots of the running environment (vomit) or audit logs. The auditor may or may not selectively request more information on demand (so you can't go in being sure you know what they're looking at).

If this is something you care about (compliance) your vendor due diligence process should include ensuring the company used a respected/trusted auditor.


Right. Because everyone cares about compliance. Sorry for the snarky tone, but it's really unavoidable here.

It IS an accounting certification. That includes a cursory look at (likely outdated, often created for the audit and never read by anyone) documentation.