SOC 2
SOC 2 audits provide independent assessments of a service provider’s ability to protect and secure customer data.
Auditors evaluate the provider’s information and IT security controls using an AICPA framework called the Trust Services Criteria.
Although all SOC 2 reports assess the Security Criteria, service providers decide which of the remaining Criteria their auditors should examine:
Security
Controls protect against unauthorized access, disclosure, and system damage that could compromise customer information.
Availability
Controls ensure that IT systems and customer information are available to deliver the provider’s services and for access by the customer.
Processing Integrity
Systems process customer information promptly, accurately, and completely using valid methods.
Confidentiality & Privacy
The service provider’s controls ensure that any information the customer designates as confidential is protected, along with the privacy of any personal information.
An auditor’s final report for SOC 2 compliance takes one of two formats.
Type 1
To give your customers an assessment of your systems and controls, you can request a SOC 2 Type 1 report.
Auditors evaluate how you describe your systems and controls. They also evaluate the suitability of the controls’ designs in meeting control objectives.
A SOC 2 Type 1 report only assesses the suitability of your controls at a specific point in time. Auditors don’t evaluate the operational performance of these controls over time.
Type 1 reports make sense when you need to give your customers an independent overview of your controls without a long wait.
Type 2
To give your customers a detailed review of your controls, you’ll need a SOC 2 Type 2 report. On top of the assessments for the Type 1 report, auditors evaluate the operational effectiveness of controls over a specific period of time, commonly referred to as the Observation Period.
Typically, these audits last six or 12 months. Depending on the chosen audit period, you’ll request audits once or twice a year to keep your compliance status current.
Transparent Pricing
SOC 2: Type 1
Only $15K
Inclusive of everything:
- SOC 2 Audit Report from a licensed US CPA
- Readiness assessment: assessing security gaps, putting security controls and practices in place, and documenting those practices.
- Drafting policies and defining controls
* Price subject to change based on certain conditions.
SOC 2: Type 2
Only $17K
Inclusive of everything:
- SOC 2 Audit Report from a licensed US CPA
- Readiness assessment: assessing security gaps, putting security controls and practices in place, and documenting those practices.
- Drafting policies and defining controls
* Price subject to change based on certain conditions.