What is the purpose of a SOC 2 audit?
Many companies find it cost-efficient to outsource certain services, such as data hosting, colocation, data processing, and Software-as-a-Service (SaaS). The data that is transmitted, stored, maintained, processed and disposed by these service providers must be kept confidential, secure, private and available for use. In addition, a service provider’s system processing must be complete, accurate, timely and authorized. A SOC 2 Report ensures companies that the five Trust Service Principles of Security, Availability, Processing Integrity, Confidentiality, and Privacy are being addressed by their service organization’s controls.
Recently, the American Institute of Certified Public Accountants (AICPA) restructured the criteria for Security, Availability, Processing Integrity and Confidentiality into “Common Criteria” to eliminate redundancy, and to update the criteria based on the latest technologies and the ever-changing business environment. The Privacy principle underwent a similar revision, effective March 15, 2016.
What types of SOC 2 audits are available?
Similar to SOC 1 audits, I.S. Partners, LLC provides two types of SOC 2 audits for service organizations. A Type I audit examines the controls used by service organizations to address any one or all five Trust Service Principles. The audit provides assurance that controls are designed effectively to meet the desired objectives at a point in time.
A Type 2 audit includes the same information as a Type I audit, but with the additional attestation that a service organization’s controls are tested for operating effectiveness over a period of time. I.S. Partners, LLC’s SOC 2 reports provide a description of the tests we perform and the results of those tests.
I.S. Partners Seal of Approval
I.S. Partners, LLC is the first and only firm with the “seal of excellence” that is granted to SOC 2 Type I and II recipients with unqualified audit opinions. The SOC 2 seal is granted in accordance with Trust Services Criteria (TSF)- Section 100, changes effective December 15, 2018, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy to Type I and Type II recipients, with unqualified adult opinions. Request a quote today to get started on obtaining your seal of excellence.
Why Obtain a SOC 2 Examination?
An internal audit of your system controls can potentially be one of the most stressful processes. I.S. Partners, LLC takes the anxiety out of the audit process and provides a comprehensive report that your service organization needs in order to stay in compliance, as well as a Seal of Excellence in the audit report’s opinion letter to show that it successfully completed a SOC 2 audit. This seal can be placed on your company’s website and marketing material to show your customers that you are a trusted and reliable company.
Start the process of obtaining your SOC 2 Seal of Excellence by requesting a quote.
Frequently Asked Questions
- What is the difference between a Type I audit and a Type II audit?
A Type I audit results in a report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specific date. A Type II audit is the same as a Type I audit but with a report on the operating effectiveness of the controls throughout a specified period.
- Why is I.S. Partners qualified to perform SOC audits?
I.S. Partners, LLC is a Certified Public Accounting firm registered with the AICPA (American Institute of Certified Public Accountants) and PCAOB (Public Company Accounting Oversight Board), and is managed by a group of highly-seasoned partners who have vast experience in performing SAS 70 / SSAE 16 / SOC audits, FISMA, HIPAA HITECH, Sarbanes-Oxley (Section 404) management self-assessments, Model Audit Rule compliance, and other specialized information technology audits.
