SOC 2

Why SOC 2?

In the course of a SOC 2 examination, an impartial third-party service auditor, such as Securis360, evaluates your internal controls and business processes against the relevant and selected SOC 2 trust services criteria. Subsequently, a report is generated by Securis360, which you can then share with customers and other stakeholders, assuring them that their data is secure in your care.

A Type 1 SOC 2 Report is beneficial for organizations seeking to showcase their dedication to data security to stakeholders and customers. This report assesses the effectiveness of your controls and processes, focusing on their design and implementation at a specific point in time

A Type 2 SOC 2 Report provides an assessment over an extended period, usually six months or more. Throughout the examination, the auditor evaluates the effectiveness of your controls, assessing both their design and implementation, and examines their operational efficiency in aligning with your chosen trust services criteria categories.

Process offered

Planning and Preparation

Stand out as crucial steps. This phase ensures alignment of your controls and evidence with the terms and expectations agreed upon by your customers. Collaboration between you and the auditors is integral to establish timelines, scope, deliverables, and other essential elements necessary for the examination to proceed smoothly.

Evidence Request & Collection:

The initiation marks the commencement of the engagement. If necessary, Securis360 will arrange a call either at the outset or just before the initiation to address any remaining matters. Securis360 remains accessible to the client for any inquiries. Incorporating communication before the start ensures that there are no eleventh-hour alterations to the project or team, and the Client receives the plan ahead of the testing and on-site visit.

Testing:

Once you've provided the requested evidence, the Securis360 auditors will conduct process walkthroughs and interviews, complemented by their thorough reviews and inspections of the evidence. This encompasses any required follow-up discussions with evidence owners, as well as the meticulous cataloguing and documentation of the test results.

Reporting:

The final step of Securis360’s testing method is reporting, but the whole assessment aims to produce a deliverable that is clear, concise, and accurate.

Securis360’s report considers the whole process and tailors a report for each client. The draft report will be delivered at the end of the testing and gathering phase, and the final report will be delivered after the completion of the respective process.