Information security and data privacy is top of mind for most companies. Ensuring security throughout the data path has become a significant part of many organizations vendor management practices. There are times that organizations need to highlight their internal control environment but a SOC 2® report just contains too much confidential information. In this case, a SOC 3® report is the perfect solution.
A SOC 3® report, like the SOC 2® report, is based on the The Association of International Certified Professional Accountants’ (AICPA) five Trust Services Principles and their corresponding criteria. This report provides assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, and/or privacy. It is prepared for general use and can be freely distributed or used for marketing purposes.
A SOC 3® report is a short form report containing: a brief auditor’s opinion, management assertion, and a brief narrative providing background on the service organization. The SOC 3® report contains very little details that might be deemed confidential since the report can be distributed on the service organization’s webpage.
A SOC 3® report must be done in conjunction with a SOC 2®.
Our SOC team possesses a vast array of technical credentials. We are professionals with industry based compliance experience as well as information security auditing.
Unlike most firms, Auditwerx is a true fixed fee firm. Our goal is to provide a service that will not only improve your operations, but also, result in a significant ROI.
Auditwerx provides ongoing support services between SOC projects as questions arise and we help guide you on the implementation of operations and system changes and how they may impact future SOC reports.
Recommended by our hosting partner, Auditwerx helped us securing a SOC 2 Type 1 and Type 2 attestation…Both operations and auditing teams executed the engagement flawlessly, on-time and on-budget. The Auditwerx team provided us with the necessary guidance, tools and knowledge allowing us to improve the overall process concerning both system’s security and privacy, as well as support to implement better controls that are a hard requirement in our sector. Auditors were extremely courteous and patience with a great sense of urgency when it was needed the most. We would highly recommend Auditwerx services to organizations of all sizes and requirement complexities.