SOC 2 and SOC 3 Examination Services

SOC 2 reports provide detailed information and assurance about the controls at a service organization relevant to the trust services categories.

SOC 3 reports outline information about a service organization’s controls related to the Trust Service Categories of security, availability, confidentiality, processing integrity and privacy.

About

What is a SOC 2 report?

Developed by the American Institute of CPAs (AICPA), SOC 2 reports provide detailed information and assurance about the controls at a service organization relevant to the trust services categories security, availability, and integrity of the systems used to process data, as well as the confidentiality and privacy of the information processed.

Security

Refers to the protection of information during its collection or creation, use, processing, transmission, and storage, and of systems that use electronic information to process, transmit or transfer, and store information, to enable the entity to meet its objectives.

Availability

The availability Trust Service Category refers to the accessibility of information used by the entity’s systems as well as the products or services provided to its customers and other authorized users.

Integrity

The processing integrity Trust Service Category refers to the completeness, validity, accuracy, timeliness, and authorization of system processing to ensure that data is processed in a predictable manner, free of accidental or unexplained errors.

Confidentiality

Confidentiality addresses the entity’s ability to protect information designated as confidential from its collection or creation through its final disposition and removal from the entity’s control in accordance with management’s objectives.

Privacy

Addresses the way personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives. Although confidentiality applies to various types of sensitive information, privacy applies only to personal information.


What is a SOC 3 report?

A Service Organization Controls 3 report (SOC 3) outlines information about a service organization’s controls related to the Trust Service Categories of security, availability, confidentiality, processing integrity and privacy.

Unlike SOC 2 reports, SOC 3 reports are intended for a general audience and can be freely distributed. A SOC 3 report includes an independent auditor’s report, a description of the system and a management assertion letter. A SOC 3 must be completed in conjunction with a SOC 2.


Benefits of getting a SOC 2 Report

Validating your organization’s internal controls and processes, enhancing the organization’s ability to deliver high-quality services.

Providing comfort over the risks related to security, availability, confidentiality, processing integrity and privacy.

Helping build a sense of trust between your organization and your customers, in addition to enhancing the ability to obtain and retain customers.

Helping reduce multiple compliance burdens by providing a comprehensive report.


How It Works

There are 2 types of SOC 2 reports that focus on the design and operating effectiveness of your controls. Insight Assurance is an accredited CPA firm that specializes in helping organizations looking for SOC 2 compliance.

Here is a high-level overview of the types of SOC 2 engagements available:

SOC 2 Readiness

SOC 2 readiness assessment services assist organizations looking to achieve SOC 2 compliance. The Insight Assurance readiness process evaluates the control environment against the AICPA’s SOC 2 requirements to identify gaps and provide you with a roadmap to a successful SOC 2 Type 1 or SOC 2 Type 2 examination.


SOC 2 Type 1 Report

A SOC 2 Type 1 report focuses on management’s description of the service organization’s system and the suitability of the design of the controls at a point in time.

SOC 2 Type 2 Report

A SOC 2 Type 2 report focuses on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls for an examination period. The examination period can be anywhere from 3 to 12 months. We recommend that organizations getting their first SOC 2 complete a Type 1 report prior to moving on to a Type 2 examination.

Why Insight Assurance?

• Founded and operated by former Big 4 professionals (Ernst & Young)
• Tailored audit approach
• Leadership involvement in every step of the audit
• 98.5% client retention rate with over 500 engagements completed
• Superior Communication
• Use of compliance automation tools

Is your organization ready to give comfort to your customers and clients, all while reducing compliance burdens and having increased security practices in your environment?

If so, contact us today to further discuss how Insight Assurance can serve you.
