SOC Compliance
A must-have certification for SaaS solutions providers.
Information security and compliance are no longer just nice-to-have features. Thanks to the proliferation of cloud-hosted applications, SaaS businesses must now make additional efforts to inspire confidence and trust in how they manage and establish data security. SOC compliance, in this regard, makes for a nifty and industry-approved way to win customers’ trust. But which of the SOC suite of services is applicable to you?
A SOC (System and Organization Controls) report can elevate your organization’s customer confidence by providing assurance on the controls in place that protect their systems or data you manage or host. A readiness assessment will provide you with an independent evaluation of your current control structure so your management team can make informed decisions about your control objectives and prepare for a successful SOC examination.
As a service organization, you can go for one of the 3 options below depending upon your customers’ needs:
SOC 1 Report (Service Organization Controls Report) – It assures your customers that their financial information is handled safely. The SOC 1 report shows how well you keep your books! So, you should get a SOC 1 report when your bookkeeping compliance impacts your clients’ financial reporting. SOC 1 is relevant for SaaS firms that offer financial services such as claims processing or billing. This is the report which you would have previously considered to be the standard SAS70 (or SSAE 16) but which now falls under SSAE18 guidance.
SOC 2 Report – based on 5 Trust Service Principles (Security (mandatory), Availability, Confidentiality, Processing Integrity and Privacy), is a report that is intended for your customers that need assurance about your controls on their information processing. It is, in essence, a testimony to the strength of your infosec practices. It is meant to enable the report users (your customers and customers’ customers) to assess and address the risks that arise from their relationship with your organization. SOC 2 compliance is good for data centers, SaaS vendors, IT managed services, and other cloud-computing firms.
SOC 3 Report – also based on Trust Service Principles, WebTrust and SysTrust, this report is similar to a SOC 2 but can be distributed freely and only reports on your organization’s achievement of Trust Services Criteria (no description of test results or opinion on description of system). This report can be good for marketing purposes.
At Maverick, we can take your organization through the following readiness preparation steps:
Determine the scope of your audit – Our consultants will determine which Trust Service Principles or financial controls fall within the scope of your audit, based on the expectations of customers and other stakeholders.
Write out Policies and Procedures – Developing and writing policies is paramount since your written rules and policies are what CPAs use as your standard for auditing for SOC attestation. We will work closely with your management to develop relevant policies.
Identify risks, control objectives and perform a controls assessment – We evaluate the relevant risks, help your management to identify controls that are in place or missing, and prepare necessary documentation to evaluate the control design and effectiveness.
Report on the results of assessment – Our final report includes a summary of all the controls tested, observations and gaps noted, and a remediation plan for management to mitigate those gaps.
Interface with your SOC auditors – We also help bridge the gap between the management and your organization’s SOC auditors by becoming essentially a “management’s extension” or a face to your auditors.
Our SOC compliance services
• Initial consultation to understand your business and compliance needs
• Detailed scoping and planning to ensure a smooth audit process
• Onsite testing and evaluation of your controls
• Comprehensive reporting on audit findings and recommendations
• Ongoing support and guidance to maintain compliance