When a client pursues a SOC 2 audit for the first-time, they normally ask: What are the requirements of a SOC 2 audit? How are we going to be judged? What can I do to prepare? KirkpatrickPrice strives to be your audit partner and will work with your organization to answer each of these SOC 2 FAQs. Let’s review a key exercise to perform when preparing for a SOC 2 audit.
You’ve partnered with a third party, you’ve properly scoped your environment, you’ve conducted a SOC 2 gap analysis, you’ve remedied any non-compliant findings, you’ve worked with your auditor, you’ve completed your SOC 2 audit, and now you’re finally receiving your SOC 2 report. Congratulations! So, what’s actually included in a SOC 2 report?
Once you’ve determined you are ready to pursue a SOC 2 audit report, the first thing you have to decide is which of the five Trust Services Criteria you want to include in your SOC 2 audit report. Typically, service organizations that are concerned about the Privacy Principle are collecting, using, retaining, disclosing, and/or disposing of personal information to deliver their services.
A SOC 2 audit report provides user entities with reasonable assurance and the peace of mind that the controls at a service organization are suitably designed, in place, and appropriately protecting client data. There are two types of SOC 2 audit reports – SOC 2 Type I and a SOC 2 Type II. Do you need a SOC 2 Type I or a SOC 2 Type II? What’s the difference? Which one makes the most sense for your organization?
The SOC 2 Security Principle is a must and should be included in any non-privacy SOC 2 engagement. The Security Principle common criteria eliminates the overlap between each of the Trust Services Principles and must be reviewed by every organization before being audited against the SOC 2 security principle. Read more to find out how your organization should be applying the SOC 2 security common criteria.
Once you’ve determined you are ready to pursue a SOC 2 audit report, the first thing you have to decide is which of the five Trust Services Principles you want to include in your SOC 2 audit report. SOC 2 reports can address one or more of the following principles: Security, Confidentiality, Availability, Processing Integrity, or Privacy. Becoming familiar with these principles should be the first step in determining the scope of your SOC 2 audit and deciding which of these principles apply to the services your organization provides.
If you’re being asked about SOC 2 compliance for the first time, you may be wondering why. It’s becoming increasingly common for organizations to request that their vendors become SOC 2 compliant so they can ensure that the companies they are working with are appropriately protecting their sensitive information. Perhaps you’re a vendor of a […]
In order to understand the purpose of a Service Organization Control (SOC) 2 Report, it’s important to understand the background and history of how the SOC 2 came in to existence as a way for service organizations to manage the risks associated with outsourcing services.
11755 Wilshire Blvd.
Los Angeles, CA 90025
Dallas, TX 75219
Atlanta, GA 30303
Bethesda, MD 20817
Seattle, WA 98136
Chicago, IL 60606