More and more administrative and information technology services are being outsourced to third-party vendors. Because information security threats are increasing, this poses a unique concern for those who outsource their business operations. As a third-party vendor, it’s important for your customers to know how you manage and protect their data.
Developed by the American Institute of CPAs (AICPA), System and Organization Controls (SOC) 2 reports are designed to show that you securely manage your customers’ data to protect their interests and the privacy of their clients.
A SOC 2 report provides assurance that the security controls you have in place are designed correctly and operating effectively to protect the customer systems or data you can access.
Sword & Shield is proud to serve the following types of organizations with SOC 2 reporting services:
Sword & Shield Enterprise Security partners with you to make SOC 2 audit reporting easier. We apply our more than 20 years of information security and compliance knowledge to take the burden off you, so you can focus on your business.
Sword & Shield is ready to assist you with any of your SOC 2 audit needs, including the following types of SOC 2 reports*:
A SOC 2 readiness assessment is ideal for any service organization new to the SOC framework. It assists in determining the company’s preparedness for a SOC engagement.
A SOC 2 Type 1 report details your systems and whether and how they comply with relevant trust principles as of a point in time. It examines the fairness of your representation of internal controls or suitability of design.
A SOC 2 Type 2 report evaluates the fairness of your internal controls description and the suitability of design. It also describes your systems and the operational effectiveness of your controls over a period of time.
SOC 2 reports are unique to each organization, aligned with your specific business practices. Sword & Shield helps you to determine which of the five Trust Service Principles are applicable for your business to safely manage your customer data based on the following:
The system is protected against both physical and logical unauthorized access.
Information and systems are available for operation and use as committed to or agreed upon.
System processing is complete, accurate, timely, and authorized to meet the entity’s objectives.
Information designated as confidential is protected as committed to or agreed upon.
Personal information is collected, used, retained, disclosed, and/or disposed of in accordance with established standards.
A system comprises the infrastructure, software, people, procedures, and data used to complete the services provided.
Sword & Shield is ready to assist you with your SOC 2 audit report. Contact us to get started today.
Request a Free Consultation for our SOC 2 Audit Reporting Service.