
SOC 2

SOC 2 consulting



Checking

Our methods for assessing a company's internal controls significantly reduce the time and labor required to prepare, plan and carry out every stage of SOC 2 implementation.


Preparing

Our methodology and our experience in consulting on SOC 2 audits allow us to identify existing discrepancies in a timely manner and develop an effective corrective action plan. We support our customers during the pre-certification and certification audits of SOC 2.


Audit assistance

We will provide the necessary recommendations to key employees before the audit. We will make sure that all the company's correspondences are available. We will provide support during the inspection of documents and the office.

About the SOC 2 report


SOC 2 is designed to assess a company's internal controls relating to Security, Availability, Processing Integrity, Confidentiality and Privacy. Distribution of the report is restricted.

• Companies that provide services to other organizations and want to provide their existing or potential customers with confirmation from an independent party about the high quality of their internal processes.
• Outsourcing IT companies.
• Clients of Internet services.
• Clients of companies that provide health care services.
• Manufacturers of food, pharmaceutical or high-tech products.
• For banks and financial companies, an additional advantage will be the confirmation by an external auditor of the quality of processing of personal data of clients and data protection in general (Security, Confidentiality and Privacy).

SOC reports, like any other auditor's report, reflect the situation at the time the report is issued and over the period covered by the audit, usually 1 year. Certification programs, by contrast, provide, in addition to a certificate, regular confirmation that the organization continues to meet the conditions of certification (recertification).

SOC reports are new tools for confirming the quality of processes in companies


In 2011, the American Institute of Certified Public Accountants (AICPA) approved the Service Organization Control report framework (SOC framework). According to the framework, Certified Public Accountants (CPAs) can issue reports on the quality of certain internal controls of Service Organizations in the form of reports of three types - SOC 1, SOC 2 and SOC 3.

In 2017, the principles set out in the Service Organization Control report framework were harmonized with the internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the COSO Internal Control Integrated Framework. Obtaining a SOC report is now equivalent to receiving an independent auditor's report on the company's internal control system.

The auditor meets with the company's staff, gathers evidence of the effective design and operation of the controls that will be covered by the SOC report, compiles the report and provides it to the customer. The difference is that the list of controls to be analyzed and evaluated is clearly defined by the Service Organization Control report framework. The customer must determine the type of report (SOC 1, SOC 2 or SOC 3) and, in the case of SOC 2 or SOC 3, the list of domains the report will cover (Security, Availability, Processing Integrity, Confidentiality, Privacy), usually based on the needs of the users to whom the report will be provided. As a result of the auditor's work, the customer receives a SOC report in an agreed format (printed or electronic).
