In 2019, data security and privacy are two key decision factors for nearly every organization considering a new service provider. A successful System and Organization Controls 2 (SOC 2) report provides your customers with the assurance that your organization has the operational controls in place to protect their security, availability, processing integrity, confidentiality, and privacy. Focal Point’s diverse team of seasoned CPAs and privacy, security, and compliance specialists can help you align your control environment with the AICPA Trust Services Principles or get started with your SOC 2 examination.
SOC 2 examinations are split into two distinct report types: Type 1 and Type 2. A Type 1 report assesses the description of your system, as well as the suitability of your control design as of a specific point in time. A Type 2 report tests the operating effectiveness of your controls to determine if they are supporting your control objectives over a period of time. While the two are very similar, a Type 2 report also includes an opinion on the effectiveness of your controls and a detailed description of our testing procedures and results.
A successful SOC 2 examination can transform your relationships with your clients. It can help you quickly satisfy contractual obligations and reduce audit requests, streamline vendor questionnaire processes, and make you stand out from your competitors. A SOC 2 attestation carefully examines your controls against the AICPA’s Trust Services Criteria, which align with a number of key industry frameworks and regulations, so preparation is critical.
Our team of CPAs has helped dozens of organizations prepare for their SOC 2 examinations, and our privacy and security experts have a deep knowledge of industry trends and standards like the GDPR, CCPA, ISO 27001, NIST, HIPAA, and HITRUST – experience and expertise this team will leverage as they help you prepare for attestation.
Ready for your 2019 examination? So are we. The experience and unique expertise of our team allow us to streamline your examination, so we can deliver an insightful report quickly and efficiently.
As more regulations like the GDPR and the CCPA arise, audit requests from your clients become a bigger burden for your team. To help you streamline these efforts, Focal Point can pair your SOC 2 examination with your HITRUST CSF assessment, using established guidance from the AICPA and HITRUST. Focal Point has specialists in the standards included in the HITRUST CSF, like HIPAA and the PCI DSS, who can guide you through the preparation stage of this attestation or deliver an insightful report in a matter of weeks.
A SOC 3 report is simply an abbreviated version of a SOC 2 report. It attests to the adequacy of your information system as it relates to the Trust Services Principles. A SOC 3 can be shared freely and is most often used as a marketing tool. Focal Point can provide a SOC 3 report along with your SOC 2 attestation to help you to generate positive publicity around a successful examination.
Burke & Associates CPAs, LLP d/b/a Focal Point Data Risk Assurance (“Focal Point Assurance”) is a partner-owned, independent CPA firm licensed in Florida that performs audit, review and other attest services to clients in a variety of sectors. Focal Point Assurance operates in an alternative practice structure with Focal Point Data Risk, LLC, a professional services firm. Through separate and independent legal entities, Focal Point Assurance and Focal Point Data Risk, LLC work closely together to serve clients’ business needs. Focal Point Data Risk, LLC and its affiliated advisory companies are not licensed CPA firms. Focal Point Assurance and Focal Point Data Risk, LLC are member firms of Focal Point, an affiliation of separate and independent legal professional services firms. “Focal Point” is the brand name for the Focal Point network. Any services described herein are provided by Focal Point Assurance or Focal Point Data Risk, LLC (as the case may be) and not by any other member firm of Focal Point. No member firm of Focal Point has any liability for services provided by other member firms.