SOC 2 Consulting & Readiness Services
Are your clients requesting (a.k.a. requiring) you to have a SOC 2 attestation? If SOC 2 attestation is holding up a signature on a new deal or expanding work with a current client, you are not alone and you came to the right place.
With Pivot Point Security as your trusted partner, achieving and maintaining SOC 2 (Type I or Type II) attestation is a guaranteed reality. Our customers are able to sign new clients as well as keep and grow current customers, all while gaining an expert’s assessment and direction on their information security program.
What is SOC 2?
SOC 2 is a third-party attestation: a report built by an objective third party (a CPA firm) that outlines the results of its testing against a robust set of information security controls (the Trust Services Criteria). Key types of SOC 2 Assessments include:
SOC 2 Type I (Type 1)
A SOC 2 Type 1 report attests to the design and documentation of a service provider’s controls and procedures as of a specific date. However, the SOC 2 Type 1 report does not cover the actual operation of the controls.
SOC 2 Type II (Type 2)
Like a SOC 2 Type 1 report, a SOC 2 Type 2 report covers the design and documentation of controls. A SOC 2 Type 2 report also provides evidence as to how the organization operated its controls over a period of time (usually six months or more).
Generally speaking, when a SOC 2 report is requested, the expectation is for a SOC 2 Type 2 report covering a one-year observation period.
Why Choose PPS for SOC 2 Services?
- You get the Big 4 experts without the Big 4 price tag – many of our consultants began their careers working for one (or more) of the Big 4 CPA firms. Working with PPS means you get top talent on your projects without paying for the big name.
- Our core values – we are honest and transparent; basically, we will hold you accountable. If you want a consultant to say nothing but “yes”, we are not a good fit for you.
- Our information security expertise extends to all information security domains – SOC 2 may be your most immediate concern, but because we have extensive expertise and experience in other domains, including ISO 27001, Privacy, Network Security, App Security, and Third Party Risk Management (TPRM), we bring value beyond your SOC 2 attestation letter.
- We understand audits and information security – this is key… we know what is a “check the box” need vs what will really provide information security and risk management value.
How SOC 2 Services Work
- Scope Determination – Here we determine what portions of your business should be included in the SOC 2 attestation. This is also where we help you determine what trust principles/trust services criteria optimally apply to your business based on the types of clients you serve and information you process.
- Gap Assessment – Here we learn about your existing information security controls and determine the gap between your current state and SOC 2 ready.
- Risk Assessment – Here we determine where your organization’s information security risks are greater than your risk appetite and develop a Risk Remediation plan to address them.
- Readiness Assessment (optional) – Here one of our SOC 2 experts will conduct an internal audit to ensure the controls are working as intended and generating the evidence that you will need for a “clean” SOC 2 external audit and report. Our auditor will be objective and fully independent of the consultative team that worked with you on the SOC 2 implementation.
What You Can Expect
If you decide to partner with Pivot Point Security for SOC 2 Readiness Services, you can expect to:
- Efficiently prepare for a successful SOC 2 audit.
- Give your sales and marketing teams a competitive advantage.
- Gain access to new markets, especially in the United States.
- Have confidence you know the maturity of your company’s security posture.
- Have some laughs, hear some “The Office” references, and get quality, actionable advice from experts who live in the security trenches every day.