System and Organization Controls
The SOC2 reporting standard was created by the AICPA to fill the gap for organizations that were being asked to provide a SAS 70 (now SSAE 18) report. A SOC report is mandatory for all organizations that serve United States entities, including user entities. A SOC2 report is designed to provide assurance to a service organization's clients, management and user entities about the suitability and effectiveness of the service organization's controls relevant to security, availability, processing integrity, confidentiality and/or privacy.
1. Implementation and consulting
We have a structured approach to determining and implementing the list of risks and controls required to achieve SOC2 attestation. Our advisory approach ensures that the service organization has adequate internal controls over the applicable security criteria, so that a Certified Public Accountant (CPA) can issue a SOC 2 report.
2. Readiness review
We assess your state of SOC 2 preparedness by evaluating the type of business you serve, the trust services categories applicable to that service and the security controls relevant to delivering the service. Among other things, we examine and analyze your processes and procedures, contract reviews, organizational structure and vendor processes.
We can help you remediate identified shortfalls. We will help you with audit planning, compiling the system or service description, risk assessment, control selection, defining control effectiveness measurements and metrics, or integrating your SOC2 requirements into your ISO 27001 system.
4. Testing and reporting
HealthDox has partnered with a leading AICPA- and PCAOB (Public Company Accounting Oversight Board)-registered CPA audit firm based in the US, which will perform the required testing and reporting at very reasonable prices. HealthDox can assist with the full SOC audit process, from conducting a readiness assessment and advising on the necessary remediation measures through to testing and reporting.