A SOC 2 report must cover the common criteria of Security but can also cover additional Trust Service Criteria such as Availability, Processing Integrity, Confidentiality, and Privacy.
What is SOC 2?
SOC 2 is a third-party attestation: a report prepared by an objective third party that outlines the findings of a security audit.
Key types of SOC 2:
SOC 2 Type I (Type 1)
A SOC 2 Type 1 report attests to the design and documentation of a service provider’s controls and procedures as of a specific date. However, the SOC 2 Type 1 report does not cover the actual operation of the controls.
SOC 2 Type II (Type 2)
Like a SOC 2 Type 1 report, a SOC 2 Type 2 report covers the design and documentation of controls. A SOC 2 Type 2 report also provides evidence as to how the organization operated its controls over a period of time (usually six months or more).
SOC 2 is a journey, and our readiness assessment, delivered with the help of our experienced auditors, gives organizations the tools and confidence to prepare for the route ahead.
Here we determine what portions of your business should be included in the SOC 2 attestation. This is also where we help you determine what trust principles apply to you and your business.
Gap Analysis –
Learn about your business and determine where you currently stand as compared to where you need to be for SOC 2. Determine if the organization’s internal controls are designed and operating effectively.
Risk Assessment –
During a formal Risk Assessment, we determine where your organization's information security risks are unacceptably high and develop a risk remediation plan and roadmap to address them.
Readiness Assessment –
Our SOC 2 experts will conduct an internal audit to ensure the controls are working as intended and generating the evidence that you will need for a smooth SOC 2 external audit and report.