SOC 2

Josef Kamara, CPA, CISSP, CISA · Updated May 2, 2026 · 1 minute read

Control Deficiency

A gap where a security control is missing, inadequately designed, or not operating effectively. Auditors classify control deficiencies by severity: a significant deficiency affects the audit opinion while an observation is informational.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.