What is SOC 2?
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 defines criteria for managing customer data based on five Trust Service Principles. These are:
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy
Unlike other standards such as the PCI DSS, which has very rigid requirements, SOC 2 reports are unique to each organisation. In line with its specific business practices, each organisation designs its own controls to comply with one or more of the trust principles.
There are two types of SOC reports:
- Type I Report – describes a vendor’s systems and whether their design is suitable to meet relevant trust principles.
- Type II Report – details the operational effectiveness of those systems.
These internal reports provide you (along with regulators, business partners, suppliers, etc.) with important information about how your service provider manages data.
Key features of this service
- Readiness assessment, remediation and audit service
- Project and audit scoping
- System or service description review
- AICPA Trust Service Principle selection from the 5 TSPs
- Risk assessment (assistance conducting risk assessment)
- Detailed readiness assessment report with a roadmap for compliance
- Follow-up remediation and support can also be provided
- Audit of selected TSP controls
Benefits
- Tailored to your organisation’s core business objectives and requirements
- Establishes trust with clients and stakeholders by providing independent audits
- Identifies and corrects inefficiencies in security operations
- Expands your business capabilities to public sectors and international markets
- Provides transparency into how your organisation controls and manages risk
- Reduces your overall organisational and cyber risk profile
- Improves cyber resilience
- Reduces the impact of incidents and the time taken to respond to them
- Lowers the cost of cyber insurance premiums
How can ERS help you achieve SOC 2 certification?
A SOC 2 report is an attestation report that provides assurance over the controls of a defined set of the service provider’s systems. Each report covers a defined period of time (usually nine months) agreed between the service auditor and the service provider. SOC 2 certification is issued by the external service auditors, who assess the extent to which a vendor complies with one or more of the five trust principles based on the systems and processes in place.
ERS can help your organisation assess and achieve compliance with the SOC 2 requirements, and can also help facilitate external body audits and certification in relation to SOC 2.
How does SOC 2 Compliance help your organisation?
It enables you to demonstrate to stakeholders that you have implemented appropriate controls in relation to security, availability, processing integrity, confidentiality and privacy. Our service is designed to help you prepare for and pass the SOC 2 audit. The readiness assessment focuses on the AICPA TSC and highlights the corrective actions required for compliance.
See our blog post on SOC 2: Implementation guide.
For more information please contact us.