WHAT IS A SOC 2 REPORT, AND WHY DO I NEED ONE?
Contact Us Today
- Security – The system is protected against unauthorized physical and logical access.
- Availability –The system is available for operation and used as agreed upon.
- Processing Integrity – System processing is complete, accurate, timely and authorized.
- Confidentiality –Information designated as confidential is protected as agreed upon.
- Privacy –Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.
A SOC 2 report is unique to each company. Since not all principles are needed to provide a service, the review can be limited only to the principles that are relevant to the outsourced service being performed by your organization. As a result, you’ll have the flexibility to choose which principles will be covered by the audit.
In addition to the Trust Services Principles, a SOC 2 report may also include criteria defined by management, industry standards or third parties. The criteria must meet these basic characteristics:
- Objectivity
- Measurability
- Completeness
- Relevance
SIMILAR TO A SOC 1 REPORT THERE ARE TWO TYPES OF SOC 2 REPORTS
Type 2 – The Type 2 report, in addition to providing the same information as the Type 1 report, verifies that the controls are operating as intended, describes the tests your auditors performed to make that determination, and provides the results of those tests. This type of report reflects your organization’s controls over the course of a specific review period.
WHAT IS THE KEY DIFFERENCE BETWEEN A SOC 1 AND A SOC 2 REPORT?
Organizations that typically choose a SOC 2 report include:
- Data Centers & Colocation facilities
- Software-as-a-Service (SaaS)
- Document Printing & Production
- Managed IT Services
- Cloud Computing Providers
FOR ASSISTANCE WITH A SOC 2 REPORT, PLEASE COMPLETE THE CONTACT FORM BELOW OR SEND US AN EMAIL AND ONE OF OUR SUBJECT MATTER EXPERTS WILL RESPOND TO YOU SHORTLY.
WHICH SOC REPORT DO I NEED?
The audience of a SOC 1 report is typically the user organization’s CFO, CIO, Compliance Officer, Internal Audit Director and Financial Statement Auditors whereas a SOC 2 report’s audience is typically the user organization’s CFO, CIO, Compliance Officer, vendor management executives, regulators and certain business partners.
HOW CONTROL LOGICS CAN HELP
Our team of experienced certified information security auditors understand the complexities and key differences between each framework and what they mean to your organization. Our goal is to help you achieve compliance quickly and with minimal disruption to your daily business. Our service delivery model is designed to provide an unparalleled client service experience and our friendly audit team takes a collaborative approach towards helping our clients maximize the long-term business value of their audit and compliance activities.
In addition to a streamlined approach, Control Logics offers:
- Competitive, fixed-fee pricing
- Discounts for multi-year contracts
- Reduced on-site fieldwork by using our secure online client portal
- Director-level support and involvement in each phase of the engagement
To see how we can help your organization, contact us today!