Looking for a SOC2 Consultant?
A SOC2 is a System and Organization Control 2 report. The AICPA (American Institute of CPAs) provides criteria that can be selected by a service organization to demonstrate they have controls in place to mitigate risks to the service they provide.
The SOC2 report addresses a service organization’s controls that are relevant to their operations and compliance, as outlined by the AICPA’s Trust Services Criteria (TSC).
The TSCs include
- processing integrity,
- and privacy.
There are two types of reports:
A Type I report covers the service organization’s description of controls at a specific point in time (e.g. June 30, 2019). In a Type I report, the service auditor will express an opinion on
- whether the service organization’s description of its controls presents fairly, in all material respects, the relevant aspects of the service organization’s controls that had been placed in operation as of a specific date, and
- whether the controls were suitably designed to achieve specified control objectives.
A Type II report not only includes the service organization’s description of controls, but also includes detailed testing of the service organization’s controls over a minimum six-month period (e.g. January 1, 2019 to June 30, 2019). In a Type II report, the service auditor will express an opinion on the same items noted above in a Type I report, and
- whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period specified.
JSC Consultant can help you achieve SOC2
Our approach is to start with a gap analysis, which typically takes one day onsite and a day of reporting. This leads to a project plan that we discuss with you and, once agreed, carry out. The typical project runs for 3-6 months (elapsed time), but this of course varies depending on how many things you need to implement to be compliant, which will be clear after the gap analysis.
We can help with everything required to get to attestation. Our normal engagement is to provide overall project management and SOC2 consultancy, a risk assessment tool and facilitation, required documentation and internal audit. These are all typical deliverables that help to significantly speed up the certification process and ensure success during the external audit.
Internal Audit Service
This service ensures you stay compliant and are ready for the external audit. You would effectively outsource the internal audit to us, so you don’t have to spend time and money on training internal auditors or take employees away from their work to carry out internal audits.
Why choose JSC Consultant Solutions?
- We have specialised in the design and implementation of SOC2 and other management systems.
- Our vast experience in this field means that we can take you through to certification fast and help you stay certified – guaranteed.
- We achieve certification results with the least amount of effort from your organisation, thus allowing your staff to focus on the core business.
- Our Senior Consultants are highly trained and approved to do assessment work for the British Standards Institution (BSI), which is one of the leading certification bodies. Hence, we have seen numerous management systems and know what it takes to get certified.
- We are BSI Associated Consultant Platinum members, which not only means we are trusted by BSI to deliver excellent consulting services, it also means we are able to offer our clients better lead times and discounts on training with BSI.
- Our consultants all have a business background and will ensure you get a management system that will support your business, not a system that supports a standard.
- We are client-led and will always design a programme that fits around the client's needs, based on a thorough gap analysis and risk assessment.
- We have many clients that will be happy to speak to you about their experience using JSC Consultant Solutions.