SOC 2 consulting
Our methods of assessing companies' internal controls significantly reduce the time and labor required for the preparation, planning and execution of all stages of SOC 2 implementation.
Our methodology and experience in consulting on SOC 2 audits allow existing discrepancies to be identified in a timely manner and an effective corrective action plan to be developed. We support our customers during the pre-certification and certification audits of SOC 2.
We will provide the necessary recommendations to key employees before the audit. We will make sure that all of the company's correspondence is available. We will provide support during the inspection of documents and the office.
About the SOC 2 report
• Outsourcing IT companies.
• Clients of Internet services.
• Clients of companies that provide health care services.
• Manufacturers of food, pharmaceutical or high-tech products.
• For banks and financial companies, an additional advantage will be the confirmation by an external auditor of the quality of processing of personal data of clients and data protection in general (Security, Confidentiality and Privacy).
SOC reports are new tools for confirming the quality of processes in companies
In 2011, the American Institute of Certified Public Accountants (AICPA) approved the Service Organization Control report framework (SOC framework). Under the framework, Certified Public Accountants (CPAs) can issue three types of reports on the quality of certain internal controls of Service Organizations: SOC 1, SOC 2 and SOC 3.
In 2017, the principles set out in the Service Organization Control report framework were harmonized with the internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the COSO Internal Control Integrated Framework, and obtaining an SOC report is now equivalent to receiving an independent auditor's report on the company's internal control system.
The auditor meets with the company's staff, gathers evidence of the effective design and operation of the controls that will be covered by the SOC report, compiles the Report and provides it to the customer. The difference is that the list of controls that need to be analyzed and evaluated is clearly defined by the Service Organization Control report framework. The customer must determine the type of Report (SOC 1, SOC 2 or SOC 3) and, in the case of SOC 2 or SOC 3, the list of domains that the Report will cover (Security, Availability, Processing integrity, Confidentiality, Privacy), usually based on the needs of the users to whom the report will be provided. As a result of the auditor's work, the Customer receives an SOC report in an agreed format (printed or electronic).