SOC 2 Type 2: Definition and Scope
Explore what SOC 2 Type 2 certification is, its significance for your business, the benefits of SOC 2 Type 2 compliance, and how to achieve SOC 2 Type 2 certification for your organization.
An international assurance engagement requires that auditors comply with their local country audit requirements. U.S.-based certified public accountants are required to comply with the ISAE 3000 and the ISAE 3402 certification standards when issuing this report. Although some of the criteria are different, creating the two reports at the same time saves time, conserves personnel resources, and reduces associated audit compliance costs.
Our simple ISAE 3402 auditing process makes it easy for any size organization to receive the accreditation they need to build trust with their clients. Our experienced auditors will help you align your compliance efforts across frameworks, working around your business needs for an easy and efficient assessment experience.
The ISAE 3402 report is issued under the International Standards for Assurance Engagements (ISAE) 3402. This examination and report is similar to, and issued in conjunction with, a SOC 1 (SSAE 18) report.
Are you new to the ISAE 3402 reporting process? Security compliance and requirements might seem overwhelming, but not when you have the right partner to guide you through. Our experienced team, combined with our unique “hands-on” preparation method, limits guesswork and helps you to quickly prepare for a successful ISAE 3402 examination.
Every examination we perform is completed with your end goals in mind. Our communication protocols provide for frequent contact with you throughout the engagement period in order to facilitate delivery on your expected timeline.
Communication is essential in completing a compliance report, and it starts in the planning process. Our planning begins with a kickoff call. The kickoff call is used to make introductions and to identify key players and points of contact. We also begin the process of understanding the services on which we will be providing an opinion. Where a readiness assessment has been requested, we establish the dates for the readiness work. In readiness, we assess the data flow of the services, identify controls, and provide a gap analysis of controls that may need implementation or improvement. The planning and readiness process is critical to creating open communication designed to obtain maximum efficiencies that will be realized in the reporting process.
Our testing and audit plans are shared with you as soon as they are customized for your processes. Customizing and sharing these plans allows us to provide a quality product in the shortest time possible. In addition, we provide templates and main points of the narrative process to help you get started with your description. We provide a draft of the audit plan for your review and complete another call to go through the plan to assist you in assigning tasks for collecting supporting documentation and preparing for on-site testing. Once the audit plan is finalized, we complete the details in preparation for the on-site testing visit, coordinating them with you. Between the time of the audit plan approval and the evidence gathering, your team starts compiling your supporting documentation and uploading it to our secure portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective on-site audit experience.
OPTION 1: On-Site Fieldwork
We send our itinerary prior to our on-site visit and coordinate the on-site expectations. During the fieldwork, we conduct walk-throughs, perform controls testing, obtain testing documentation, and review other processes as necessary. We conduct an exit interview with you to provide initial testing results, go over next steps, and establish a clear plan for completion of the testing portion of the SOC report. Our goal is to have 95% of all testing documents and your draft of the control description completed at the end of fieldwork. This ensures your report is completed in a timely manner.
OPTION 2: CRI Virtual Smart Audit & Reviews Process
The CRI Virtual Smart Tech Audits & Reviews (vSTAR™) process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our audit engagement virtually and in real time.
When testing and evidence gathering have been completed, your auditor composes a draft of your report and submits it to our quality control team. Every draft report is subjected to a manager and partner review based on our strict quality control process. Once your report has completed this round of reviews, it is provided to you for review, feedback, and modifications. After your draft is returned to us, a final quality control review is completed.
“…Our company is required to undergo a number of audits annually with various audit firms and Auditwerx has truly been a pleasure to work with. I have referred Auditwerx to a number of clients and would recommend them to anyone…”
A SOC 1 report could help demonstrate the IT general controls and business process controls in place to achieve control objective statements.
A SOC 2 certification offers detailed assurance of cybersecurity controls in place at service organizations like yours.