MINORITY & VETERAN OWNED

SOC 2 AUDITS & REVIEW

SOC 2 (System and Organization Controls 2) is a voluntary attestation framework developed by the American Institute of Certified Public Accountants (AICPA).  A SOC 2 report, issued by an independent CPA firm, evaluates the controls your business uses to protect the private data it holds against the AICPA's Trust Services Criteria.  Having a strong SOC 2 audit and review plan communicates to your stakeholders that you take the confidentiality and security of their data seriously.

While it’s possible to prepare for, review, and obtain a SOC 2 attestation on your own, most businesses, large and small, simply can’t afford the hours upon hours that these compliance efforts cost.  Hours, days, and weeks spent on SOC 2 audits are time not spent on the productivity of your actual business.  

This is where TMPC comes in.  We offer powerful, easy-to-use automated monitoring that continuously checks the controls protecting the private data you hold, giving you ongoing evidence that your security environment is operating as intended. We do this across multiple platforms, and we do it quickly.

FREQUENTLY ASKED QUESTIONS

WHY DO I NEED A SOC 2 AUDITING & REVIEW PROCESS?

Though a SOC 2 report isn’t mandated by law, it is often a requirement in B2B and SaaS vendor contracts. Your customers and partners want to know that your organization takes data security seriously, and no stakeholder wants the mess that a data security failure can wreak on an organization and its reputation.

WHAT DOES A SOC 2 REPORT COVER?

All SOC 2 audits and reports include the Security criteria (also called the Common Criteria); they can also include any of the other Trust Services Criteria: Availability, Confidentiality, Processing Integrity, and Privacy.   We can help you determine whether you need a Type I or a Type II report, and we’ll create a sustainable strategy that meets your needs over time.  

Learn more about the AICPA Trust Services Criteria that guide SOC 2 auditing and reporting.  

WHAT IS THE DIFFERENCE BETWEEN A TYPE I AND A TYPE II REPORT?

A Type I report describes your system and evaluates whether your controls are suitably designed as of a single point in time.  A Type II report also tests whether those controls operated effectively over a review period, typically between three and twelve months.  Because they cover actual operation over time rather than a snapshot, Type II reports are more detailed and give your customers stronger assurance.  

WHAT IS A SOC 2 COMPLIANCE ATTESTATION, AND HOW DO I OBTAIN ONE?

A SOC 2 report is an attestation: an independent CPA firm examines your controls and issues a report, including the auditor’s opinion, on whether they meet the Trust Services Criteria you selected. To obtain one, you’ll need to:

    1. Develop comprehensive policies and procedures to protect the private data in your systems, mapped to the AICPA Trust Services Criteria.   
    2. Perform a readiness assessment (gap analysis) to identify your strengths and determine your weaknesses.  You can do this yourself, or TMPC can do this for you.  This process usually generates a long remediation task list to help ensure that your security practices are as effective as possible.  
    3. Secure the necessary resources to implement your security policies and procedures, and keep evidence that they are being followed.
    4. Undergo a formal audit, during which the auditor checks that your controls are suitably designed and, for a Type II report, that they operated effectively over the review period.  The examination may be remote or in person, and will demand a clear view of your entire security program, as well as views into the smallest corners of your practices.

TMPC SOC 2 CHECKLIST

  DECIDE WHICH TRUST SERVICES CRITERIA TO INCLUDE IN YOUR SOC 2 REPORT.

All reports include the Security criteria, but you might also choose Availability, Processing Integrity, Confidentiality, and Privacy.  We’ll offer guidance.

  SIT BACK AND LET OUR AUTOMATION DO THE WORK.

Our strategies provide continuous, automated security checks aligned with the SOC 2 Trust Services Criteria. If a control gap or security flaw is detected, our experts will help you fix it, keeping your environment in tip-top shape and ready for auditing at all times.

  CONNECT WITH YOUR TMPC EXPERT.

A TMPC expert will meet with your IT and compliance team.  Because your security environment will always be ready for auditing, this meeting is usually brief. In relatively short order, we’ll be able to give your team a complete and clear picture, something that usually takes days or weeks to assemble when you do it on your own.

  VOILA! YOUR SOC 2 REPORT AND COMPLIANCE ATTESTATION.

TMPC experts will continuously review your automatically monitored data, so that when your independent auditor performs the examination you’ll quickly and efficiently have your SOC 2 report and compliance attestation in hand.