1. Implementation and consulting
We take a structured approach to determining and implementing the risks and controls required to achieve SOC 2 attestation. Our advisory approach ensures that the service organization has adequate ‘internal controls’ over the applicable security criteria, giving any Certified Public Accountant (CPA) the assurance needed to issue SOC 2 reports.
2. Readiness review
We assess your state of SOC 2 preparedness by evaluating the type of business you service, the trust services categories applicable to that service, and the security controls relevant to the delivery of the service. Among other things, we will examine and analyze your processes and procedures, contract reviews, organizational structure, and vendor processes.
We can help you remediate identified shortfalls. We will help you with audit planning, compiling the system or service description, risk assessment, control selection, defining control effectiveness measurements and metrics, or integrating your SOC 2 requirements into your ISO 27001 system.
4. Testing and reporting
HealthDox has partnered with a leading AICPA- and PCAOB (Public Company Accounting Oversight Board)-registered CPA audit organization based in the US, which will perform the required testing and reporting at considerably reasonable prices. HealthDox can assist with the full SOC audit process, from conducting a readiness assessment and advising on the necessary remediation measures through to testing and reporting.