We’ll prepare you for attestation (SOC) audits and, if needed, arrange the entire audit under the required standard, helping you meet all relevant requirements and build a secure, stable IT environment that reinforces your company’s credibility.

As more and more companies choose to outsource IT systems, processes and data to reduce costs, accelerate innovation and focus on their core strengths, robust risk and supplier relationship management become essential. Through transparent reporting, SOC 1, SOC 2 and SOC 3 reports assure customers that controls at service organizations work as they should.

Common Challenges Our Clients Have Faced – And We’ve Helped Solve

How to build client trust in our products/services

Is our company ready for a SOC 2 audit?

Which controls should we implement to meet the Trust Services Criteria?

What does a SOC audit involve, how long does it take, and how do we pass it successfully?

The different types of SOC reports (Type I, Type II assurance) and their specifics

How to set up internal IT controls so they are as effective, feasible and efficient as possible

How best to align controls with the SOC 2 standard (Trust Services Criteria)

How to draft a SOC report and define/describe internal controls

How to build a roadmap for SOC controls implementation

   

How we help

References

SOC 1 audit under ISAE 3402

We performed an audit of general IT controls (GITC) and IT application controls (ITAC) related to financial reporting. The system under test was administered in the Czech Republic, but its controls were performed both there and by entities in several CEE countries and beyond. The resulting ISAE 3402 report covered testing in all affected countries.

SOC 2 audit under ISAE 3000

We carried out a SOC 2 Type II audit, testing the design, implementation and operating effectiveness of the relevant controls. The scope covered IT security (common criteria), confidentiality, availability, processing integrity and privacy.

SOC 2 readiness review (“readiness assessment” or “diagnostic review”)

Under the SOC 2 readiness review, we organized several workshops to explain the control objectives and the requirements for meeting the full Trust Services Criteria scope (controls for security, confidentiality, availability, processing integrity and privacy). We assessed the current state of readiness through interviews and by closely examining documentation on implemented controls. Then, we provided sample controls and discussed possible examples of their design in the client’s environment. We also mapped control objectives to meet ISO/IEC 27001. After the client submitted their controls proposal, we reviewed it and suggested changes. Finally, we prepared a report for management, summarizing the steps taken and the timeline (roadmap) for the next steps.
