Pivot Point Security provides consulting services to help organizations achieve and maintain compliance with the SOC 2 standard. Our team will work together with yours to ensure that all of your security policies, procedures, and practices meet the requirements set forth in the SOC 2 Trust Services Principles and Criteria. We will also provide guidance on how to best address potential risks to data privacy and integrity so that your organization can reach its desired level of security maturity. With Pivot Point Security’s SOC 2 expertise, you can trust us to help ensure that your organization achieves provable security and compliance.
Are your clients requesting (a.k.a. requiring) you to have a SOC 2 attestation? If SOC 2 attestation is holding up a signature on a new deal or expanding work with a current client, you are not alone and you came to the right place.
With Pivot Point Security as your trusted partner, achieving and maintaining SOC 2 (Type I or Type II) attestation is a guaranteed reality. Our customers are able to sign new clients as well as keep and grow current customers, all while gaining an expert’s assessment and direction on their information security program.
What is SOC 2?
SOC 2 is a third-party attestation, a report built by an objective third party (a CPA firm) that outlines the results of their testing against a robust set of information security controls (the Trust Services Criteria). Key types of SOC 2 assessments include:
SOC 2 Type I (Type 1)
A SOC 2 Type 1 report attests to the design and documentation of a service provider’s controls and procedures as of a specific date. However, the SOC 2 Type 1 report does not cover the actual operation of the controls.
SOC 2 Type II (Type 2)
Like a SOC 2 Type 1 report, a SOC 2 Type 2 report covers the design and documentation of controls. A SOC 2 Type 2 report also provides evidence as to how the organization operated its controls over a period of time (usually six months or more).
Generally speaking, when a SOC 2 report is requested, the expectation is for a SOC 2 Type 2 report covering a one-year observation period.
Why Choose PPS for SOC 2 Services?
✔ You get the Big 4 experts without the Big 4 price tag – many of our consultants began their careers working for one (or more) of the Big 4 CPA firms. Working with PPS means you get top talent on your projects without paying for the big name.
✔ Our core values – we are honest and transparent; basically, we will hold you accountable. If you want a consultant to say nothing but “yes”, we are not a good fit for you.
✔ Our information security expertise extends to all information security domains – SOC 2 may be your most immediate concern, but because we have extensive expertise and experience in other domains, including ISO 27001, Privacy, Network Security, App Security, and Third Party Risk Management (TPRM), we bring value beyond your SOC 2 attestation letter.
✔ We understand audits and information security – this is key… we know what is a “check the box” need vs. what will really provide information security and risk management value.
How SOC 2 Services Work
✔ Scope Determination – Here we determine what portions of your business should be included in the SOC 2 attestation. This is also where we help you determine what trust principles/trust services criteria optimally apply to your business based on the types of clients you serve and information you process.
✔ Gap Assessment – Here we learn about your existing information security controls and determine the gap between your current state and SOC 2 readiness.
✔ Risk Assessment – Here we determine where your organization’s information security risks are greater than your risk appetite and develop a Risk Remediation plan to address them.
✔ Readiness Assessment (optional) – Here one of our SOC 2 experts will conduct an internal audit to ensure the controls are working as intended and generating the evidence that you will need for a “clean” SOC 2 external audit and report. Our auditor will be objective and fully independent of the consultative team that worked with you on the SOC 2 implementation.
What You Can Expect
If you decide to partner with Pivot Point Security for CCPA Compliance Services, you can expect to:
✔ Attain and maintain CCPA compliance and the ability to prove it.
✔ Have a strategic roadmap to achieve both short- and long-term privacy goals.
✔ Have confidence in your privacy standing.
✔ Gain a competitive advantage to win more business.
✔ Have some laughs, hear some “The Office” references, and get quality, actionable advice from experts who live at the juncture of privacy and security every day.
If you decide to go another direction, we wish you nothing but success! But if you find yourself lost on a winding road, unsure where to turn and in need of a guide… you know where to find us.