New to SOC 2® or Preparing for a SOC 2®?

Increase Customer Confidence and Peace of Mind with a SOC 2®

A SOC 2® assessment provides current and potential clients with the assurance that your organization is taking the necessary steps to protect their private information.

This helps you gain new clients and retain existing ones, allowing you to focus on your business with the peace of mind that you are doing all you can to ensure that customer data is protected and secure.

Preparing for a SOC 2®

Document Policies & Procedures

Clients should document their IT security and HR policies and procedures.

Understand Governance & Oversight of IT Objectives

For example: Is there a board, committee, or leadership team that has regular, periodic insight into and governance over IT objectives, including when there are issues?

Document Risk Management

Document the risk management process or program that outlines the periodic assessment of risk to the company, including IT and fraud. Document how risks are identified, for example through the risk and vulnerability assessment processes.

AICPA System & Organization Control (SOC®) Report by Audit Service

SOC 2®: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.

SOC 3®: Trust Services Report for Service Organizations.

SOC for Cybersecurity®: A cybersecurity risk management report developed by the AICPA, a framework that assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.

SOC 2® Assessment and Report Types

SOC 2® Readiness Assessment

Time spent before the audit, during which OCD Tech identifies which processes and documentation the client has in place to meet the SOC 2® and the gaps where they don't. The client is then responsible for remediating those gaps with OCD Tech guidance. (1-6 months, depending on the number of gaps and the client's availability to remediate them.)

SOC 2® Type 1 Report

OCD Tech tests each of the processes identified by the client against the supporting policies and procedures and then prepares the supporting documentation (about 2 weeks). The above is then sent through a review process by a proofreader, QA, and CPA for review and sign-off (up to 3 weeks).

SOC 2® Type 2 Report

The audit period is either 6 or 12 months. OCD Tech tests each of the processes identified by the client by reviewing evidence that the process occurred over the audit period (testing is usually completed a month after the audit period). The above is then sent through a review process by a proofreader, QA, and CPA for review and sign-off (up to 3 weeks).


IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

OCD Tech

25 BHOP, Suite 407, Braintree MA, 02184

844-623-8324

https://ocd-tech.com
