In response to the heightened awareness and desire by organizations to improve their cybersecurity programs the American Institute of Certified Public Accountants (AICPA) redefined SOC reporting. SOC previously stood for Service Organization Controls, however now the acronym stands for System and Organization Controls to expand on the system-level controls of a service organization. With this change, SOC for Cybersecurity has been added to the suite of SOC reports.
Our team of auditors and cybersecurity advisors consists of highly specialized professionals, including Certified Information Systems Security Professionals (CISSPs) and Certified Information Systems Auditors (CISAs). Because we combine qualified IT auditors with the standards of the CPA profession, we deliver the technical IT and audit skills needed to clearly relay technical information to both the IT department and management.
Fill out this form to get in touch with one of our specialists. We’ll be in touch soon to discuss your compliance needs.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Are you new to the SOC for Cybersecurity reporting process? Security compliance and requirements might seem overwhelming, but not when you have the right partner to guide you through. Our experienced team, combined with our unique “hands on” preparation method, limits guesswork and helps you to quickly prepare for a successful SOC for Cybersecurity examination.
Every examination we perform is completed with your end goals in mind. Our communication protocols provide for frequent contact with you throughout the engagement period in order to facilitate delivery on your expected timeline.
Communication is essential in completing a SOC report and it starts in the planning process. Our planning begins with a kickoff call. The kickoff call is used to make introductions, identify key players, and points of contact. We also begin the process of understanding the services on which we will be providing an opinion. Where a readiness assessment has been requested, we establish the dates for the readiness work (for first-time SOC reporters) and/or fieldwork (for recurring clients). In readiness, we assess the data flow of the services, identify controls, and provide a gap analysis of controls that may need implementation or improvement. The planning and readiness process is critical to creating open communication designed to obtain maximum efficiencies that will be realized in the Type 2 reporting process.
Once the audit plan is established, we create the request list of support items needed in our secure online dashboard, in preparation of and coordination with you for the testing phase. Between the time of the audit plan establishment and the testing, your team starts compiling your supporting documentation and uploading it to the secure online portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective audit experience.
Once the audit plan is established, we create the request list of support items needed in our secure online dashboard, in preparation of and coordination with you for the testing phase. Between the time of the audit plan establishment and the testing, your team starts compiling your supporting documentation and uploading it to the secure online portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective audit experience.
Once the audit plan is established, we create the request list of support items needed in our secure online dashboard, in preparation of and coordination with you for the testing phase. Between the time of the audit plan establishment and the testing, your team starts compiling your supporting documentation and uploading it to the secure online portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective audit experience.
“…The Auditwerx team provided us with the necessary guidance, tools and knowledge allowing us to improve the overall process concerning both system’s security and privacy, as well as support to implement better controls that are a hard requirement in our sector…We would highly recommend Auditwerx services to organizations of all sizes and requirement complexities. “
Our handy guide, “Adding it Up: What Type of SOC Report Do I Need?” is a great starting point to determine what kind of SOC report best fits your company’s business and compliance needs.
When you’re ready to speak with an experienced team about your reporting needs, Auditwerx will be here for you.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
It’s important that your auditor has the knowledge to help your service organization navigate the ever-evolving world of SOC compliance. Let’s take a look at two recent changes, SSAE No. 21 & SSAE No. 22.
Understand the controls analyzed during a SOC 1 examination
Get a better understanding of the kinds of controls the could be examined during a SOC 1 report.
