Increase Customer Confidence and Peace of Mind with a SOC 2®
A SOC 2® assessment provides current and potential clients with the assurance that your organization is taking the necessary steps to protect their private information.
This helps you gain new clients and retain existing ones thereby allowing you to focus on your business with the peace of mind that you are doing all you can to ensure that customer data is protected and secure.
Preparing for a SOC 2®
Document Policies & Procedures
Clients should document their IT security and HR policies and procedures.
Understand Governance & Oversight of IT Objectives
For example: Is there a board, committee, or leadership team that have regular periodic insight and governance over IT objectives, including when there are issues.
Document Risk Management
Document the Risk management process or program which outlines the periodic assessment of risk to the company, including IT and fraud. Documenting how risks are identified by: For example: the risk and vulnerability assessment processes.
AICPA System & Organization Control (SOC®) Report by Audit Service
SOC 2® Assessment and Report Types

SOC 2® Readiness Assessment
Time spent before the audit where OCD Tech identifies what processes and documentation the client has in place to meet the SOC 2® and the gaps where they don’t. The client is then responsible for remediating those gaps with OCD-Tech guidance. (1-6 months depending on the number of gaps and the clients availability to remediate them)

SOC 2® Type 1 Report
OCD Tech tests each of the processes identified by the client against the supporting policies and procedures and then prepares the supporting documentation. (About 2 weeks) The above is sent through a review process by a proofreader, QA, and CPA for review and sign off (up to 3 weeks).

SOC 2® Type 2 Report
The audit period is either 6 or 12 months. OCD Tech tests each of the processes identified by the client by reviewing evidence that the process occurred over the audit period. (testing is usually completed a month after the audit period) The above is sent through a review process by a proofreader, QA, and CPA for review and sign off (up to 3 weeks).