SOC 2 implementation and report

REQUEST A QUOTE

A framework that IT service companies need to stay competitive

The SOC 2 audit measures the effectiveness of your systems and processes based on the AICPA Trust Services Criteria and checks adherence to information security standards and rules, including Common Criteria standards.

Trust Services Criteria

Security – Information and systems are protected against unauthorized access, disclosure of information, and damage to systems.

Availability – Information and systems are available for operation and usage to meet the objectives.

Processing integrity – System processing is complete, valid, accurate, timely, and authorized to meet the objectives.

Confidentiality – Information designated as confidential is protected to meet the objectives.

Privacy – Personal information is collected, used, retained, disclosed, and deleted to meet the objectives.

What is evaluated during the SOC 2 audit?  

1. Infrastructure – Physical, IT, and other hardware such as mobile devices.

2. Software – Applications and IT system software that supports application programs, such as OS and utilities.

3. People – All personnel involved in the organization’s operations.

4. Processes – All automated and manual procedures.

5. Data – Transmission streams, files, databases, tables, and output used or processed by your organization.

Deliverables of SOC 2 implementation

SOC 2 implementation results in a report based on an attest engagement under Section 101 of the Attestation Standards. H-X Technologies provides audit reports specifically designed for technology service providers, SaaS companies, and organizations that store data in the cloud.

Types of SOC 2 report

Type I – A Type 1 report is a snapshot: at the time the report was compiled, the organization had the appropriate controls in place that made it compliant with the SOC 2 standards. The report is a starting point for building SOC 2 Type 2 compliance.

Type II – A Type 2 report is more difficult to attain, but it also assures much stronger compliance. The organization must demonstrate adherence to the controls and policies for a period of time, and that usually requires a degree of automation and a long-term commitment.

We will help you choose which type of report is right for you.

Check out our additional services and business cases. Send the form below to request SOC 2 compliance. Get a free consultation.
