SOC 2 Compliance
Help for Small Business
What is SOC 2?
SOC 2 stands for Systems and Organization Controls 2 (SOC 2). There are 3 levels of SOC. SOC 1 (for Financial), SOC 2 (for Security), and SOC 3 (for Summary of SOC 2 for General Use). SOC 2 is the standard developed by the American Institute of CPAs (AICPA) and is based on Cybersecurity Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. SOC is most applicable to Software Organizations, SAAS companies, Cloud Hosting Services, Healthcare Technology, and more.
Core Business Solutions assists small businesses in setting up and maintaining SOC 2 Compliance. We also assist in getting you prepared for Certification by an independent CPA.
Consulting Services Get a Free Quote
SOC 2 Compliance Consulting
Achieving SOC 2 compliance is time-consuming and complex. We are here to help. Our process includes a dedicated SOC 2 expert consultant to walk you through each step of preparation. The certification audit is conducted by an independent CPA firm. We get you ready and can refer you to an independent auditor once complete.
How Long Does it Take to Prepare for SOC 2?
It takes approximately 6 months to prepare for your SOC 2 certification audit. SOC 2 Type 1 covers the design of controls, the definition of the system including a detailed description, and all important documents by the AICPA governance.
What does SOC 2 Type 2 Include?
SOC 2 Type 2 includes the determination of the operating effectiveness of the system implementation and looks back at a specific period, such as 12 months. In SOC 2 Type 2 the controls are mapped to the AICPA guidelines. A detailed review of the documentation that supports the controls is conducted to ensure proper system implementation and system effectiveness.
Core provides dedicated training for your staff to prepare for the SOC 2 audit. Controls will be explained to the staff and how their job impacts the operating effectiveness of the system security.
SOC 2 Description of Service Consulting
Once preparation is complete independent CPA issues a report to attest that the organization complies with SOC 2 system security. Core will assist in drafting the sections in the SOC 2 Report that contains the Description of Service (DoS). Your organization is supposed to write the DoS section of the report, which is complex. Core Business Solutions also provides this service to assist in a successful certification audit.
Your customers expect that the SOC 2 security status is up to date; therefore, this requires an annual review and update of all controls, documentation, and report.
We provide consulting support for various other standards, as well as support for companies seeking multiple certifications through an Integrated Management System.
Quality Management Systems
Information Security Management Systems
Capability Maturity Model
Core Business Solutions offers consulting services for SOC 2 compliance and SOC 2 certification. For more information about SOC 2, please call our consulting office at 866-354-0300 or contact us online.