A SOC 2 is an examination of a service organization’s controls over its system relevant to security, availability, processing integrity, confidentiality, or privacy.
The team at Audit Peak has more than 15 years of experience performing SOC 2 engagements for start-ups, mid-size and large-cap companies. We have examined and audited many legacy environments and even more cloud environments including Amazon AWS, Microsoft Azure, and Google GCP.
How prepared are you for a Type 1 or Type 2 assessment?
Audit Peak will prepare you for the climb towards completing a successful SOC 2 Type 1 or Type 2 engagement. Audit Peak will perform a thorough review of your system and organization controls, including the policies, procedures, IT general controls and business processes supporting the system. We will provide you with a detailed gap assessment outlining the current controls in place that would satisfy the SOC 2 criteria. The deliverable will also include the control deficiencies/gaps along with best practices for remediating the deficiencies/gaps identified, and any key controls that must be remediated prior to pursuing a SOC 2 Type 1 or Type 2 report.
Gain Competitive Advantage And Meet Commitments
SOC 2 Type 1 Report
Report as of a point in time
A service organization can pursue a Type 1 report with or without an initial Readiness (Gap) Assessment; however, there are important considerations for success. The Type 1 report is performed as of a specific date, meaning that the system and controls must be designed and implemented as of that specified date. Accordingly, the SOC 2 Type 1 focuses on:
The description of the service organization’s system.
The suitability of the design of the service organization’s controls.
Continuously Improve Risk Posture
SOC 2 Type 2 Report
Report covering a period of time
A Type 2 report is the “Peak,” and Audit Peak is strategically positioned to provide service organizations with the guidance and expertise of its personnel to successfully complete a SOC 2 Type 2 audit.
A SOC 2 Type 2 covers a period of time (typically between 3 and 12 months). While it includes assessing the suitability of the design of the service organization’s controls, the SOC 2 Type 2 also assesses the operating effectiveness of those controls over the review period.