The famous French fashionista Coco Chanel once said, “don’t spend time beating on a wall, hoping to transform it into a door.”

Think about those a la carte sushi restaurants—the very cool ones with the circulating conveyor belts that let you select different dishes as they suit your fancy. Maybe your go-to is always California rolls, but you spot some delicious-looking Rainbow Rolls so you grab those one time. Or maybe you’re craving a Spicy Tuna roll, so you add that to your plate. Even if sushi is not quite your taste, you’d probably agree that SOC 2 audits are even less appetizing. Aside from the actual, in-depth audit process, they also require you to make a lot of decisions first, and it’s just added stress. That’s why you want to ensure that you take the audit path most helpful to you, and that includes the right criteria. SOC 2 functions a lot like that sushi conveyor belt—you have a lot of potential options. And we don’t just mean the SOC 2 Trust Services Categories (TSCs) that you have to select from to form the basis of your examination. We mean adding what is technically known as additional “subject matter.” For simplicity’s sake, we’ll just refer to it as “additional criteria.”

As globally accredited PCI QSAs, we get a lot of questions regarding the many facets of PCI DSS, payment card security’s flagship standard.

Founder of Apple, Steve Jobs, once remarked, “Privacy means people know what they’re signing up for, in plain language, and repeatedly. I believe people are smart. Some people want to share more than other people do. Ask them.”

When King George V died in 1936, he probably expected to smoothly pass his crown onto his eldest son, who would be crowned the new king. Everyone in the United Kingdom was comfortable with how the legacy of the constitutional monarchy worked, by that point, so they likely hoped for a smooth transition.

Matters of opinion can be pretty contentious.

When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple.