SOC 2, Type 1: Have You Planned Adequate Controls?
An effective SOC 2 examination (often referred to as a SOC 2 audit) should do more than deliver assurance to your clients that you handle their data properly—it should improve your business’ ability to do so.
A SOC 2, Type 1 examination is an important step toward providing the assurance that you and your clients need. The SOC 2, Type 1 examines the description you have provided of the internal controls in your system, and it measures that description against the AICPA’s Trust Service Principles. It serves as a stepping-stone for the SOC 2, Type 2 that examines whether or not your system of controls actually functions as described. After all, if you haven’t designed a system that can meet the principles, then there’s no point in going through the additional expense of testing the system to see if it functions as designed. Our Trust Service Principles blog series takes an in-depth look at each individual criterion. Learn more here.
Through the Auditwerx SOC Readiness Assessment, we work with our clients to help them understand what controls need to be in place to earn a favorable SOC 2 compliance and identify any gaps between their current controls and the desired system. Contact us to find out what your organization needs to do to prepare for a SOC 2, Type 1 examination.
SOC 2, Type 2: Evaluating the Effectiveness of Your Operational Controls
For most of your clients, it is not enough to know that you have described a system that should keep their information safe. They want an added degree of confidence that your controls are actually operating effectively over a particular period of time. That is the assurance they get from a SOC 2, Type 2 opinion.
When your clients count on you for services that involve their sensitive data, a SOC 2, Type 2 report provides them with an objective, third-party look at the controls you provide to secure that data. The SOC 2, Type 2 examination measures the operation of your controls against the Trust Services Principles set forth by the AICPA, and it provides your clients with a description of the tests that your accountant performs and the results of those tests.
If your clients require third-party assurance of the operating effectiveness of the controls you have in place to protect their information, contact the independent auditors at Auditwerx to find out how we can help you provide that assurance through a SOC 2, Type 2 report.