SOC 2 - Type 1 & 2

Certification Readiness

Overview

SOC for Service Organizations reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA. Each type of SOC for Service Organizations report is designed to help service organizations meet specific user needs:

  • SOC 2® - SOC for Service Organizations: Trust Services Criteria

  • Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization

  • Vendor management programs

  • Internal corporate governance and risk management processes

  • Regulatory oversight

Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls.

Our Approach

Omni Group Consulting will guide your company through the SOC 2 Type 1 and/or Type 2 certification process. We will work with your organization to plan, design, and implement the required controls in preparation for certification. Certification readiness activities include items listed below:

  • Reviewing the organization’s current security control set

  • Reviewing readiness assessment

  • Establishing an agreed upon remediation timeline between relevant stakeholders

  • Managing the project through completion

  • Leveraging your company’s technology and personnel we will collaboratively determine the best solutions to close the gaps identified in the planning/discovery phase

  • Working with your company’s team members to vet solution providers when appropriate

  • Documenting controls in a manner which directly addresses certification requirements

  • Working with your company’s team members to implement solutions

  • Assign and document roles and responsibilities

  • Acting as the liaison between your company and certification auditors during the external audit period to reduce the felt impact of audit fatigue by your company’s teams:

    • Collecting, vetting, and presenting audit evidence

    • Representing and articulating your company’s required controls

 

Have Questions?

Certification is a journey and every organization has unique challenges, needs, and goals. We would love to learn more about your company and to explore how we might be helpful!

 

E-mail Us

or

Schedule a Free Consultation