SOC 2

SOC 2 consulting

We provide SOC 2 Trust Services Criteria (TSC) consulting and audit assistance services.
We have strong experience in SOC 2 Type I / SOC 2 Type II implementation and audit

Also, we are ready to carry out additional work, for example, penetration testing, etc.

REQUEST A CALLBACK!

Ask the expert

Ask us about SOC 2 compliance

Gap Analysis

Our methods of assessing the internal controls of companies will significantly save time and labor required for the preparation, planning and realization of all stages of implementation of SOC 2.

Our methodology and experience of consulting on conducting SOC 2 audits will allow to identify existing discrepancies in a timely manner and develop an effective corrective action plan. We provide support of our Customers during the pre-certification and certification audits of SOC 2.

Audit assistance

We will provide the necessary recommendations to key employees before the audit. We will make sure that all the company's correspondences are available. We will provide support during the inspection of documents and the office.

About the SOC 2 report

General information

SOC 2 is designed to assess the internal controls of companies regarding Security, Accessibility, Integrity, Confidentiality, Privacy. Restricted for distribution.

Who is interested in the SOC 2 report?

• Companies that provide services to other organizations and want to provide their existing or potential customers with confirmation from an independent party about the high quality of their internal processes.
• Outsourcing IT companies.
• Clients of Internet services.
• Clients of companies that provide health care services.
• Manufacturers of food, pharmaceutical or high-tech products.
• For banks and financial companies, an additional advantage will be the confirmation by an external auditor of the quality of processing of personal data of clients and data protection in general (Security, Confidentiality and Privacy).

The difference between SOC reports and international standards

SOC reports, like any other auditor's report, reflect the situation at the time of issue of the report and for a certain period for which the audit was conducted, usually 1 year, in contrast to certification programs, which provide, in addition to obtaining a certificate, regular confirmation that the organization meets the conditions of certification (recertification).

SOC-reports are realible tools for confirming the quality of processes in companies

In 2011, the American Institute of Certified Public Accountants (AICPA) approved the Service Organization Control report framework (SOC framework). According to the framework, Certified Public Accountants (CPAs) can issue reports on the quality of certain internal controls of Service Organizations in the form of reports of three types - SOC 1, SOC 2 and SOC 3.

In 2017, the principles set out in the Service Organization Control report framework were harmonized with the internal control framework of The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and now obtaining an SOC report is equivalent to receiving an independent auditor's report on the company's internal control system. COSO Internal Control Integrated Framework.

The auditor meets with the company's staff, gathers evidence of the effective design and operation of certain controls that will be covered by the SOC report, compiles the Report and provides it to the customer. The difference is that the list of controls that need to be analyzed and evaluated is clearly defined by the Service Organization Control report framework. The customer must determine the type of Report (SOC 1, SOC 2 or SOC 3) and the list of domains that will be covered by this Report (Security, Availability, Processing integrity, Confidentiality, Privacy) in the case of SOC2 or SOC3, usually from the needs of users a report will be provided. As a result of the auditor's work, the Customer receives an SOC report in an agreed format (printed or electronic).

ENG

UA

RU

ENG