Test once, report many. Customer requests for a variety of certifications can seem never ending – but it doesn’t have to be that way. During a SOC 2®+* assessment, controls can be mapped to multiple security frameworks to show compliance in a single report.
SOC 2®+ reports can provide an independent third-party opinion on the suitability of design and operating effectiveness of controls relevant to meet other compliance frameworks layered on the SOC 2® Trust Services Criteria, such as: HIPAA, HITRUST, ISO 27001/27002, NIST SP 800-53, or NIST SP 800-171.
Our simple SOC 2®+ process makes it easy for any size organization to receive the accreditation they need to build trust with their clients. Our experienced assessors will help you align your compliance efforts across frameworks, working around your business needs for an easy and efficient assessment experience.
By proceeding, you are agreeing to the terms and conditions in the Auditwerx Privacy Policy.
Are you new to the SOC 2®+ reporting process? Security compliance and requirements might seem overwhelming, but not when you have the right partner to guide you through. Our experienced team, combined with our unique “hands on” preparation method, limits guesswork and helps you to quickly prepare for a successful SOC 2®+ assessment.
Every assessment we perform is completed with your end goals in mind. Our communication protocols provide for frequent contact with you throughout the engagement period in order to facilitate delivery on your expected timeline.
Communication is essential in completing a SOC report and it starts in the planning process. Our planning begins with a kickoff call. The kickoff call is used to make introductions, identify key players, and points of contact. We also begin the process of understanding the services on which we will be providing an opinion. Where a readiness assessment has been requested, we establish the dates for the readiness work (for first-time SOC reporters) and/or fieldwork (for recurring clients). In readiness, we assess the data flow of the services, identify controls, and provide a gap analysis of controls that may need implementation or improvement. The planning and readiness process is critical to creating open communication designed to obtain maximum efficiencies that will be realized in the Type 2 reporting process.
Our testing and assessment plans are shared with you as soon as they are customized for your processes. Customizing and sharing these plans allow us to provide a quality product in the shortest time possible. In addition, we provide templates and main points of the narrative process to help you get started with your description. We provide a draft of the assessment plan for your review and complete another call to go through the plan to assist you in assigning tasks for collecting supporting documentation and preparation for on-site testing. Once the assessment plan is finalized, we complete the details in preparation of and coordination with you for the on-site testing visit. Between the time of the audit plan approval and the on-site visit, your team starts compiling your supporting documentation and uploading it to our secure portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective on-site audit experience.
OPTION 1: On-Site Fieldwork
We send our itinerary prior to our on-site visit and coordinate the on-site expectations. During the fieldwork, we conduct walk-throughs, controls testing, obtain testing documentation, and review other processes as necessary. We conduct an exit interview with you to provide initial testing results, go over next steps, and have a clear plan for completion of the testing portion of the SOC report. Our goal is to have 95% of all testing documents and your draft of the control description completed at the end of field work. This ensures your report is completed in a timely manner.
OPTION 2: Virtual Assessment
The virtual assessment process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our assessment engagement virtually and in real time.
When testing and evidence gathering has been completed, your assessor composes a draft of your SOC report and submits it to our quality control team. Every draft SOC report is subjected to a manager and partner review based on our strict quality control process. Once your report has completed this round of reviews, it is provided to you for review, feedback, and modifications. After your draft is returned to us, a final quality control review is completed.
After the final report is issued, we will provide you with the appropriate seal of completion to be displayed on your website. This seal provides your prospective clients with notification that you have completed the SOC reporting process.
…Our company is required to undergo a number of assessments annually with various firms and Auditwerx has truly been pleasure to work with. I have referred Auditwerx to a number of clients and would recommend them to anyone who is looking to complete a SOC* engagement.
When it comes to compliance certification, service organizations can often find it difficult to balance customer requirements and ROI.
Our goal is to deliver the efficient compliance assessments you need, at a price that makes sense for your business.
Once we have discussed your needs and current environment, there are several factors that impact our cost estimate:
Unlike most firms, Auditwerx is a true fixed fee firm. Our goal is to provide a service that will not only improve your operations, but also, result in a significant ROI.
Very few of our clients experience amendments. When necessary, they are usually the result of a scope expansion.
Our experienced assessors understand what your organization needs from a SOC report, and our low overhead ensures that our pricing is based on your need.
Our handy guide, “Adding it Up: What Type of SOC Report Do I Need?” is a great starting point to determine what kind of SOC report best fits your company’s business and compliance needs.
When you’re ready to speak with an experienced team about your reporting needs, Auditwerx will be here for you.
By proceeding, you are agreeing to the terms and conditions in the Auditwerx Privacy Policy.
Your assessment partner needs to be able to work closely with your key stakeholders to properly address your unique processes and controls. An experienced team with a long-standing reputation can help facilitate your SOC assessment in an efficient manner, saving your organization time and money.
Governance, Risk, and Compliance (GRC) tools and SOC* reports are essential components of any organization’s risk management strategy. However, there are several myths surrounding these resources that can lead to confusion and ineffective use. Whether you’re a small business or a large enterprise, understanding the reality behind these myths can help you maximize the value of your GRC framework and SOC reports.
While GRC tools can be helpful for tracking security controls in a limited scope, they don’t provide the in-depth analysis and comprehensive support necessary to ensure full SOC 2® compliance. In this blog post, we’ll explore the key differences between GRC tools and working with an assessment firm like Auditwerx, and why choosing the right path is crucial to preparing your business for a successful SOC 2® certification.