SOC/SSAE16

Building Trust and Confidence in Third-Party Relationships

In a global economy, businesses must have trust and confidence in their partners and vendors. SOC reports enable your organizations to demonstrate to both customers and prospects that you have acceptable controls and safeguards for managing their data and/or infrastructure.

Independent SOC assessments have become an important part of building trust between service providers and their clients. SOC 1 engagements are performed in accordance with Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization. SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements. SOC 2 and SOC 3 engagements address controls at the service organization that relate to operations and compliance.

Our services include:

SOC Gap Assessments
SOC Gap Assessments assist service organizations in assessing their preparedness for a SOC / SSAE 16 / ISAE 3402 audit. Gap Assessments identify those controls that should be implemented or improved prior to an actual audit. Gap assessments also help your organization mitigate the risk of a qualified opinion or reporting exceptions.

 

TrustNavigator™ – our proprietary service approach:

  • Project planning and management
  • Scope assessment
  • Identification of relevant control objectives and domains
  • Interviews and questionnaires for information gathering
  • Detailed descriptions of your controls
  • Identification of controls in place for each in-scope control objective
  • Prioritized remediation of control gaps and recommended enhancements
SOC 1
SOC 1 / SSAE 16 reports are examination engagements undertaken by a service auditor to report on a service providers controls that are relevant to user entities’ internal control over financial reporting. The services can only be delivered by a licensed firm such as TrustNet.

 

SOC 1 / SSEA16 Services include:

  • Gap Assessments – help your organization assess the controls in place and mitigate the risk of a qualified opinion or reporting exceptions
  • SOC 1 Type 1 – Report on the service organizations description of controls and the suitability of the design of the controls to achieve the related control objectives as of a specified date
  • SOC 1 Type 2 – Report on the service organizations description of controls and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives over a specified period of time
SOC 2
SOC 2 reports are examination engagements undertaken by a service auditor to report on the service organization’s operational controls to meet the selected Trust Services Principles and Criteria. The services can only be delivered by a licensed firm such as TrustNet.

 

SOC 2 reports specifically address one or more of the following five key system attributes / domains:

  • Security – The system is protected against both physical and logical unauthorized access
  • Availability – The system is available for operation and use as committed or agreed
  • Processing integrity – System processing is complete, accurate, timely and authorized
  • Confidentiality – Information designated as confidential is protected as committed or agreed
  • Privacy – Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA

SOC 2 Services include:

  • Gap Assessments – assess the controls in place to meet the Trust Services Principles and Criteria with the goal to ensure preparedness for the SOC 2 examination and help mitigate the risk of a qualified opinion or reporting exceptions.
  • SOC 2 Type 1 – Report on the service organization’s operational controls pertaining to the suitability of the design of controls intended to meet the selected Trust Services Principles and Criteria as of a point in time.
  • SOC 2 Type 2 – Report on the service organization’s operational controls pertaining to the suitability of the design and operating effectiveness of controls intended to meet the selected Trust Services Principles and Criteria over a specific period of time.
SOC 3
SOC 3 reports, also known as SysTrust® examinations, are engagements undertaken by a service auditor to report on the service organization’s operational controls to meet the selected Trust Services Principles and Criteria. The services can only be delivered by a licensed firm such as TrustNet.

 

SOC 3 / SysTrust® reports specifically address one or more of the following principles and criteria:

  • Security – The system is protected against both physical and logical unauthorized access
  • Availability – The system is available for operation and use as committed or agreed
  • Processing integrity – System processing is complete, accurate, timely and authorized
  • Confidentiality – Information designated as confidential is protected as committed or agreed
  • Privacy – Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA

SOC 3 / SysTrust® services include:

  • Gap Assessments – assess the controls in place to meet the Trust Services Principles and Criteria with the goal to ensure preparedness for the SOC 3 examination and help mitigate the risk of a qualified opinion or reporting exceptions.
  • SOC 3 / SysTrust  – Report on the service organization’s operational controls pertaining to the suitability of the design and operating effectiveness of controls intended to meet the selected Trust Services Principles and Criteria over a specific period of time. Unlike the SOC 1 and SOC 2, there is no point-in-time “Type 1” examination for a SOC 3 assessment.

TrustNavigator™ our proprietary service approach:

l

PLANNING

project planning and management

SCOPING

risk assessment, identify relevant controls, gather info

TESTING

analysis, conduct testing, remediation roadmap

REPORTING

findings and recommendations, final report

Why Should I Choose TrustNet?

TrustNet serves clients of all sizes, across multiple industries with extensive expertise and over a decade of experience. We are not the largest provider and we’re certainly not the most expensive. What we provide is deep experience, efficiency, and quality professional services. Just ask our clients.

1 2 3 4 5
1 2 3 4 5
1 2 3 4 5
1 2 3 4 5
1 2 3 4 5
1 2 3 4 5
1 2 3 4 5
1 2 3 4 5
1 2 3 4 5