Wipfli logo

Cert stacking: A new approach to third-party audits

Jacqueline Cooper
Sep 17, 2024

Third-party audits are an important part of vendor risk management. They can also become overwhelming. Multiple audits of the same environment may be required to satisfy client requirements (e.g., SOC, HITRUST, ISO 27001).

This webinar introduces another, more efficient option: certification (cert) stacking.

Learn how to pursue a single, coordinated audit that addresses multiple technical environments and client requirements. Our free webinar covers the benefits of cert stacking, plus best practices for coordinating such audits.

Watch the webinar to learn how to:

  • Define a consistent scope for cert-stacked audits to maximize efficiency.
  • Share evidence and test procedures across multiple audits to reduce redundancy.
  • Coordinate test timing to meet individual audit criteria.
  • Align teams, engagement managers and auditors.

The webinar addressed common issues with cert stacking, from managing too many environments to too much complexity.

When cert stacking is feasible, it can help your organization save valuable time. And it shows off the strength of your security and technology controls.

Author(s)

Jacqueline Cooper
CPA, MBA, CCSFP, CISA, Senior Manager
Karen Johnston
CCSFP, CIA, CISA, CCSFP-CHQP, Partner, Lead Auditor

TOP PICKS

CMS finalizes key proposals to enhance behavioral health services for rural and tribal communities
CMS finalizes key proposals to enhance behavioral health services for rural and tribal communities
Mind the gaps: Recent enforcement actions and what they say about AML/CFT data management