AuditOne LLP’s sole focus is to perform SOC audits, issue SOC 1, SOC 2, or SOC 3 reports. Our clients benefit from an informed consultation designed to determine the best and most cost-effective strategy to follow in order to meet their goals. We have focused our considerable industry expertise on creating simple, elegant methodologies that are both quick to perform and easy on the budget.
Why You Need a SOC Report
Financial institutions, health care providers, and other corporations are required to perform initial due diligence, and ongoing vendor monitoring on their outsourced service providers. If you are an organization providing outsourced services, your customer may be required to obtain a SOC report from you. A SOC report provides information on your systems and security controls, and additionally establishes confidence in your service and organizational integrity.
AuditOne’s SOC Service Offerings:
· Annual SOC Risk Assessments
· Annual Penetration Testing
· Annual SOC 1 or SOC 2 Report
· Annual SOC 3 Report
Annual SOC Risk Assessment
Companies completing a SOC 1 or a SOC 2 reports must satisfy the AICPA “Identification of Risks” concept. Our risk assessment process normally begins with a secure exchange of documents for our review offsite and ends with a week or less on-site to complete.
Annual Penetration Testing
Annual penetration testing helps you protect your critical IT infrastructure by identifying and validating known security vulnerabilities for both public-facing and internal resources. Penetration testing is about a week-long project, which typically includes both offsite and on-site interaction.
Annual SOC 1 or 2 Report
A SOC 1 report is a general controls reports. This report is the successor to the SAS 70 and SSAE 16 report formats. This report format is still accepted for service provider security report purposes.
A SOC 2 report addresses a service providers controls related to specific criteria based on COSO objectives. The AICPA defines the audit process and report structure. The SOC 2 report is currently the standard for security assurance reports, and most end customers will ask for this report by name.
Annual SOC 3 Report
A SOC 3 report is a public version of your SOC 2 report. A SOC 3 report does not include a listing of the controls or test results. A SOC 3 report can be placed on your public website for download by existing and potential customers.