Description
Service organizations that offer business-to-business solutions may be required to provide a SOC 2 report in order to maintain the business relationship. A SOC 2 examination is performed by an independent CPA firm to evaluate the design (Type I) and effectiveness (Type II) of IT controls. In its simplest form, Step 1 requires identifying which areas of the business are in scope and Step 2 requires implementing security controls.
Our SOC 2 Type 2 Report solution provides:
- Scoping Guidance to help you logically define what aspects of the business are in scope
- An Excel-based Control Catalog that lists a baseline of all security controls for possible consideration
- Policies, Procedures and Standards aligned to the required controls
Our templates include 20+ documents that provide coverage to the following control categories:
- Access Control
- Awareness and Training
- Audit and Accountability
- Configuration Management
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System and Communication Protection
- System and Information Integrity
Our solution eliminates trial and error and guesswork with a simple 3-step process:
- Simply add your organization’s logo and name into each document
- Either adopt the controls as described in the Catalog, Policies, Procedures and Standards or tailor to your organization’s risk appetite
- Sign and date each document to make it official
If you need additional guidance, your purchase comes with 3 hours of complimentary support. We can even perform a pre-assessment of your readiness state prior to the CPA conducting their evaluation.
We’re a dedicated partner in your endeavor to obtain and maintain SOC 2 certification in the quickest time possible without compromise to quality or security.
Whether you’re just getting started or have an existing security program, our templates will provide a baseline of tuned controls, policies, procedures and standards that fully comply with 800-53 rev 4. In fact, our package of artifacts has been deployed at numerous organizations and has passed the scrutiny of Internal Audit and outsourced audit firms.
We are happy to discuss our products. Please feel free to contact us with your questions.