
SOC (System and Organization Controls) 2 Audits
SOC 2 solutions
This consultancy service has been designed to help you prepare for and pass a SOC 2 audit. It evaluates your organisation’s audit-readiness by assessing the suitability of the Trust Services Criteria (TSC) risk-mitigating controls for the service(s) you offer.
The SOC 2 Readiness Assessment results in a detailed report that identifies any areas in which your controls fall short of the required standard.
This service includes advice on defining a suitable audit scope, guidance in compiling the content of the service or system description, and assistance in identifying which of the TSC are relevant to your organisation’s key risks.
The SOC 2 Remediation Service can help you rectify any compliance gaps identified by our SOC 2 Readiness Assessment. Remediation consultancy is specific to each organisation but could typically include the following:
- Development of policies/procedures and modification of existing policies/procedures;
- Conducting a risk assessment;
- Selecting appropriate controls; and
- Testing to ensure that new controls have been implemented and are operating effectively.
Although SOC 2 reports do not technically expire, they are generally considered valid for 12 months.
Once you’ve passed your SOC 2 audit, you’ll therefore want to maintain your compliance with your selected TSC to ensure your recertification audit goes as smoothly as possible – after all, no one wants to start again from scratch the following year, especially if they also have to add extra security controls to meet the requirements of new clients.
Our extensive expertise helping organisations implement and maintain information security best practices means we can support you as you embed the controls you need to operate securely.