This SOC 2 consultancy service has been designed to help service organisations prepare for and pass a SOC 2 audit against the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria).
Full project pricing depends on the size and complexity of your organisation and the level of assistance you need. Please contact us to discuss your requirements.
SOC 2 audit reports enable service organisations to demonstrate to clients and other stakeholders that they have implemented appropriate controls in relation to security, availability, processing integrity, confidentiality and privacy.
This consultancy service has been designed to help you prepare for and pass a SOC 2 audit. It comprises two parts:
A SOC 2 audit can only be performed by an independent CPA (certified public accountant) or duly recognised accountancy organisation regulated by the AICPA.
CPA organisations may employ non-CPA professionals with relevant information technology and security skills to participate in preparing for a SOC audit, but the final report must be provided and issued by a CPA. A successful SOC audit carried out by a CPA permits the service organisation to use the AICPA logo on its website.
A SOC 2 audit report provides information and assurances about the suitability of the design and effectiveness of the service organisation’s controls. The report is generally restricted-use for existing or prospective clients.
IT Governance can help your organisation throughout the entire SOC preparation, remediation, testing and reporting process.
Our expert cyber security consultants have years of experience helping organisations prepare for SOC audits.
We will identify and advise on the SOC audit that best suits your organisation.
The SOC 2 Audit Readiness Assessment results in a detailed report that identifies any areas in which your controls fall short of the required standard and provides a remediation plan to ensure compliance. (Please see service description table above.)
The SOC 2 Audit Readiness Assessment includes advice on defining a suitable audit scope, guidance in compiling the content of the service or system description, and assistance in identifying which of the TSC are relevant to your organisation’s key risks.
Once any shortfalls have been identified, the SOC 2 Audit Remediation Service can help you rectify them. Remediation consultancy is specific to each organisation but typically could involve the following:
IT Governance has partnered with CyberGuard, a leading AICPA- and PCAOB (Public Company Accounting Oversight Board)-registered CPA audit organisation based in the US, which will perform the required testing and reporting.
A SOC 2 audit:
SOC 2 audits are aimed at organisations that provide services to other organisations.
If, for example, your organisation provides Cloud services, a SOC 2 audit report will go a long way to establishing trust and credibility with customers and other stakeholders, particularly if you process confidential or personal data.
IT Governance can facilitate the audit process and put you in contact with our partners, which can then conduct the SOC 2 audit at a fraction of the price demanded by the Big Four accounting firms.
Additional services, such as penetration testing or advising on integrating your SOC 2 requirements into your ISO 27001-compliant ISMS (information security management system), can also be provided.
IT Governance specialises in international management system standards, IT governance, cyber security, cyber incident response management, risk management and compliance.
Our professional services team has a wealth of consultancy skills and technical expertise. This multi-disciplinary knowledge and experience means we can help you achieve your project objectives wherever you are in the world.