SOC 2 implementation and certification

A framework IT service companies need to stay competitive

A SOC 2 audit measures the effectiveness of your systems and processes against the AICPA Trust Services Criteria and checks adherence to information security standards and rules, including Common Criteria standards.

Trust Services Criteria

Security
Information and systems are protected against unauthorized access, disclosure of information, and damage to systems.
Availability
Information and systems are available for operation and usage to meet the objectives.
Processing integrity
System processing is complete, valid, accurate, timely, and authorized to meet the objectives.
Confidentiality
Information designated as confidential is protected to meet the objectives.
Privacy
Personal information is collected, used, retained, disclosed, and deleted to meet the objectives.

What is evaluated during a SOC 2 audit?  

1. Infrastructure: Physical, IT, and other hardware such as mobile devices.
2. Software: Applications and IT system software that supports application programs, such as OS and utilities.
3. People: All personnel involved in the organization’s operations.
4. Processes: All automated and manual procedures.
5. Data: Transmission streams, files, databases, tables, and output used or processed by your organization.

Deliverables of SOC 2 implementation

The result of a SOC 2 implementation is a report based on an attest engagement under Section 101 of the Attestation Standards. H-X Technologies provides audit reports specifically designed for technology service providers, SaaS companies, and organizations that store data in the cloud.

Types of SOC 2 report

Type I – A Type 1 report is a snapshot: at the time the report was compiled, the organization had the appropriate controls in place to make it compliant with SOC 2 standards. The report is a starting point for building SOC 2 Type 2 compliance.

Type II – A Type 2 report is more difficult to attain, but it also gives much stronger assurance of compliance. The organization must demonstrate adherence to the controls and policies over a period of time, which usually requires a degree of automation and a long-term commitment.

We will help you choose which type of report is right for you.

 

