
SOC 2 Audit

An audit tests your security program against specific Trust Services Principles and Criteria

FRSecure performs a full array of information security assessments and audits including FISMA, ISO Certification, NERC/FERC, FDA, SEC, FINRA, SOX, and more. If you’re looking for an assessment, we’ve likely done it before, and are happy to discuss your needs with you. Call us today.

What is a SOC 2 Audit?

An SSAE 16 SOC 2 audit is an audit of your security program against a set of Trust Services Principles. The Trust Services Principles are sets of specific criteria that you need to meet in order to successfully complete a SOC 2 audit. You can choose one or more of the TSPs to audit against (there are five in total: Security, Availability, Processing Integrity, Confidentiality, and Privacy).

Further, there are two types of SSAE16 SOC 2 audits: Type 1 and Type 2.

  • SOC 2 Type 1 is a snapshot in time. It audits whether or not you have the controls from the selected TSPs in place at that point.
  • SOC 2 Type 2 is a measurement over time. It determines whether or not you have complied with the selected TSP controls over a period of 6 months.

Why would I want one?

SSAE16 audits replaced the SAS70 audit, so if you used to get SAS70 audits you may choose to continue on with a SOC 2. SOC 2 is a recognized security audit, but we would want to discuss with you whether it is the right decision for you or not. A SOC 2 is different from a full information security assessment, but there are valid reasons to pursue one:

  • Your competitors are getting SOC 2 audits
  • You want one for marketing purposes
  • A valued customer is requiring one

What is the process for completing the audit?

At a high level, the SSAE16 SOC 2 process is comprised of the following steps:

  1. Define Attestation Engagement Scope – Determine which Trust Services Principles and Criteria will be attested against, and describe the “system” to be attested against.
  2. Planning and Coordination – Plan timelines, resource constraints, and activities.
  3. Information Gathering – Identify existing or required controls through discussions with management and review of available documentation.
  4. Perform Readiness Review – Identify gaps requiring management attention.
  5. Prepare and Present Gap Assessment Reports – Communicate prioritized recommendations to address any identified gaps.
  6. Remediation Plan Creation – Hold working sessions to discuss alternatives and remediation plans.
  7. Remediate documentation gaps.
  8. Prepare the SSAE16 SOC 2 Type 1 Attestation validation packet.
  9. Complete the SSAE16 SOC 2 Type 1 Attestation.
  10. Prepare for the SSAE16 SOC 2 Type 2 attestation engagement.
  11. Complete the SSAE16 SOC 2 Type 2 Attestation period.
  12. Complete the SSAE16 SOC 2 Type 2 Attestation.

SOC 2 Drawing

What are the deliverables I should expect?

Deliverables for an SSAE16 SOC 2 engagement are:

  • SOC 2 Pre-Audit Assessment Executive Summary
  • SOC 2 Pre-Audit Assessment Final Report
  • SOC 2 Pre-Audit Action Plan
  • Documentation Required Prior to SOC 2 Type 1 Attestation
  • SOC 2 Type 1 Validation Packet
  • SOC 2 Type 1 Attestation Report
  • SOC 2 Type 1 Certificate of Achievement
  • SOC 2 Type 2 Attestation Report
  • SOC 2 Type 2 Certificate of Achievement

What does a SOC 2 audit cost?

There are multiple components to an SSAE16 SOC 2 audit. Because of this, FRSecure strives to determine the best possible approach for each client to ensure successful completion of the audit in a cost-effective way. All you need to do is spend a few minutes on the phone with our team to make sure we are delivering exactly what you need and want.

Contact Us Today For A Free Consultation

Contact us today and get access to FRSecure’s team of information security experts.
