
Demonstrate Additional Compliance with a SOC 2+ Report

February 21, 2022. Posted by Cera Adams in IT Security, SOC Reporting Services

Rapid advances in technology have created opportunities for businesses to realize new efficiencies and increased profitability. The ease of use, transparency, and functionality now available have led many to embrace outsourcing as a way to manage non-core functions. This saves money and minimizes waste, and it lets management focus on core business processes. As more organizations outsource, their customers need to understand the risk management policies and controls that protect the data they share with a service provider. That assurance is typically provided through a System and Organization Controls (SOC) report, SOC 1 or SOC 2, depending on the services involved. For service organizations that must also show compliance with other frameworks, undergoing a SOC examination and a separate independent assessment against each framework is costly and duplicative. The AICPA therefore allows a SOC 2 examination to be extended with additional criteria, commonly called a SOC 2+ report, so that multiple frameworks and standards are covered in a single assurance engagement. To help clients, prospects, and others, OCD Tech has summarized the key details below.

What is a SOC 2+ Report?

A SOC 2+ report is a SOC 2 examination that also evaluates controls against one or more additional frameworks beyond the AICPA's Trust Services Criteria (TSC), such as PCI DSS or the HIPAA Security Rule. The service auditor's opinion covers both the TSC and the additional criteria, so a single report can be given to customers who ask for either.

The frameworks listed below are the ones most commonly added to a SOC 2+ engagement; each has a formal mapping to the SOC 2 criteria published by the AICPA or by the framework's owner.

  • CSA STAR (Security, Trust, Assurance and Risk) Registry – The Cloud Security Alliance (CSA) developed the STAR Attestation jointly with the AICPA as an independent security assessment for cloud service providers. It is a SOC 2 examination that adds the criteria of the CSA Cloud Controls Matrix (CCM). STAR has two levels of assurance: a Level 1 self-assessment and a Level 2 third-party assessment. A SOC 2+ with CSA STAR suits a cloud or data center provider that manages, transmits, and stores client data and needs to validate its cloud-specific security configurations against the CCM.
  • HITRUST CSF – The Health Information Trust Alliance developed this security framework to help covered entities and business associates, such as health plans, providers, and their service providers, meet HIPAA requirements. A SOC 2+ with HITRUST CSF can be used by a claims processor that needs access to protected health information (PHI) to carry out its responsibilities. To demonstrate that PHI is adequately safeguarded, the report maps how the organization's existing controls satisfy the HITRUST CSF control requirements.
  • National Institute of Standards and Technology (NIST) – NIST frameworks, most commonly the NIST Cybersecurity Framework (CSF), are designed to help organizations meet a baseline of cybersecurity practices while continually improving control effectiveness. A SOC 2+ with NIST can be used by a government contractor, for example one responsible for building housing, to demonstrate that its controls align with the NIST standards its contracts require.
  • PCI DSS – The PCI Security Standards Council designed the Payment Card Industry Data Security Standard to ensure that organizations that store, process, or transmit cardholder data meet established security requirements. A service organization that stores card data for future payments can use a SOC 2+ with PCI DSS to show its customers how its controls meet the PCI DSS requirements alongside the TSC. This is especially useful for organizations whose transaction volume or merchant level does not require a formal PCI DSS assessment. Note the limit: a SOC 2+ report does not replace a PCI DSS Report on Compliance or Self-Assessment Questionnaire where an acquirer or card brand requires one.

Contact Us

SOC 2+ reports give service organizations and outsourced providers a streamlined way to demonstrate compliance with the Trust Services Criteria and an industry-specific framework in a single engagement. If you have questions about the information outlined above, or need assistance with a SOC 2+ report, OCD Tech can help. For additional information, call us at 844-OCD-TECH or click here to contact us. We look forward to speaking with you soon.

Tags: cybersecurity
Cera Adams, CISA, CRISC

About Cera Adams

Cera joined OCD Tech as an IT Audit Manager in October 2017. She is currently Director, Assurance Services. She has twenty years of experience in IT audit, information security, and IT risk management, primarily in the health insurance and financial services industries. Cera leads our SOC 2 practice.


IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

  • OCD Tech
  • 25 BHOP, Suite 407, Braintree MA, 02184
  • 844-623-8324
  • https://ocd-tech.com


© 2025 — OCD Tech: IT Audit - Cybersecurity - IT Assurance
