SOC 2

SOC for Service Organizations: Trust Services Criteria

Overview

What is SERVICE ORGANIZATION CONTROLS (SOC)?

Secures Customer Data And Strengthens Internal Controls Of Organization Service Organization Controls 2 (SOC 2) compliance are explicitly prescribed for service based organisations such as SaaS Providers, Data Center/ Colocations, Document Production, and Data Analytics providers. Such controls affect the security, availability and integrity of the systems, used by the service organization to process user’s data.

SOC 2 is a third-party attestation, a report built by an objective third-party that outlines findings of a security audit. Key types of SOC 2:

SOC 2 Type I (Type 1)

A SOC 2 Type 1 report attests to the design and documentation of a service provider’s controls and procedures as of a specific date. However, the SOC 2 Type 1 report does not cover the actual operation of the controls.

Think of this as a “point-in-time” attestation.

SOC 2 Type II (Type 2)

Like a SOC 2 Type 1 report, a SOC 2 Type 2 report covers the design and documentation of controls. A SOC 2 Type 2 report also provides evidence as to how the organization operated its controls over a period of time (usually six months or more).

Think of this as a more continuous form of attestation.

Our SOC 2 Consulting Approach

1.SCOPE DETERMINATION

Here we determine what portions of your business should be included in the SOC 2 attestation. This is also where we help you determine what trust principles apply to you and your business.

2. GAP ANALYSIS

Here we learn about your business and determine where you currently stand as compared to where you want to be – status quo to SOC 2 ready.

3. RISK ASSESSMENT

Here, via formal Risk Assessment, we determine where your organizations information security risks are unacceptably high and develop a Risk Remediation plan to address them.

4. READINESS ASSESSMENT (Optional)

Here one of our SOC 2 experts will conduct an internal audit to ensure the controls are working as intended and generating the evidence that you will need for a “clean” SOC 2 external audit and report. Our auditor will be objective, not part of the original SOC 2 implementation.

Why Vtangent ?

Reasons you can rely on us.

High-quality Service

Outcome Focused

Actionable & Detailed Reports

Product Agnostic

learn more

Expertise

Vtangent employs highly-certified and experienced cybersecurity professionals with deep expertise in a broad range of security domains. Our security qualifications: 

Contact Us

Tell us About Your Cybersecurity Needs.
Get a free quote !

A specialist will reach out to:

  • Understand your needs
  • Determine your project scope
  • Provide a cost estimate
  • Send you a detailed proposal

Email: info@vtangent.com