SOC 2 and SOC 3 reports provide assurance to your customers that operational controls affecting their security, availability, processing integrity, confidentiality or privacy are in place. These reports build confidence in critical business processes and complement compliance objectives such as HIPAA and PCI.
The SOC 2 report attests to controls that affect operations and information security. A Type 1 reports on your controls as of a specified date in time. The report focuses on the suitability of the design of controls related to one or more of the following Trust Service Principles.
When performing a Type II examination, we test the operating effectiveness of your controls over a specified period of time. Our report includes the same content as a Type I report, but also includes an opinion on the operating effectiveness of the controls and a detailed description of our testing procedures and results.
This report is an abbreviated form of the SOC 2 assessment. A SOC 3 simply reports on the adequacy of your information system as it relates to the Trust Services Principles. It does not include an opinion on your description of your operational controls or the operating effectiveness of your controls. A SOC 3 can be shared freely and is frequently used as a marketing tool.
A SOC 2 report will provide your clients with the peace of mind that you have set up effectively designed control objectives and control activities around information systems. Additional benefits include:
Focal Point Data Risk, LLC ("Focal Point") is associated with Sunera CPAs & Associates LLP (“Sunera CPAs”), a registered CPA firm through an alternative practice structure. The two companies are separate legal entities that work together to serve critical business needs. Focal Point offers risk management consulting services and is not a licensed CPA firm. Sunera CPAs & Associates LLP provides SOC attestation services. Focal Point and Sunera CPAs are subsidiaries of Cyber Risk Management, LLC.