SOC 2 & 3 Examinations

SOC 2 and SOC 3 reports provide assurance to your customers that operational controls affecting their security, availability, processing integrity, confidentiality or privacy are in place. These reports build confidence in critical business processes and complement compliance objectives such as HIPAA and PCI.

Types of SOC 2 & 3 Reports

SOC 2, Type I

The SOC 2 report attests to controls that affect operations and information security. A Type I report covers your controls as of a specified date. It focuses on the suitability of the design of controls related to one or more of the following Trust Services Principles:

  • Security: The system is protected against unauthorized use or access
  • Availability: The system is operating as designed
  • Processing Integrity: System processing is complete, accurate, timely and authorized
  • Confidentiality: Confidential information within the system is protected
  • Privacy: Personal information is collected, used, stored, disclosed and destroyed according to the organization’s privacy policy and the AICPA/CICA GAAP

SOC 2, Type II

When performing a Type II examination, we test the operating effectiveness of your controls over a specified period of time. Our report includes the same content as a Type I report, but also includes an opinion on the operating effectiveness of the controls and a detailed description of our testing procedures and results.

SOC 3

This report is an abbreviated form of the SOC 2 assessment. A SOC 3 simply reports on the adequacy of your information system as it relates to the Trust Services Principles. It does not include an opinion on your description of your operational controls or the operating effectiveness of your controls. A SOC 3 can be shared freely and is frequently used as a marketing tool.

Benefits of SOC 2 Reports

A SOC 2 report will provide your clients with the peace of mind that you have set up effectively designed control objectives and control activities around information systems. Additional benefits include:

  • Satisfy contractual requirements from your customers and reduce future audit requests
  • Provide clients with added confidence in the security of their information
  • Evaluate alignment with other frameworks, such as HIPAA
  • Generate positive publicity by announcing a successful SOC examination
  • Differentiate your organization from your competitors
  • Benchmark controls
  • Provide third-party assurance of effective controls to internal stakeholders

 

Focal Point Data Risk, LLC ("Focal Point") is associated with Sunera CPAs & Associates LLP (“Sunera CPAs”), a registered CPA firm through an alternative practice structure. The two companies are separate legal entities that work together to serve critical business needs. Focal Point offers risk management consulting services and is not a licensed CPA firm. Sunera CPAs & Associates LLP provides SOC attestation services.
