A SOC 2 Audit is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. These reports are issued by independent third-party auditors covering the principles of Security, Availability, Confidentiality, and Privacy of a system.
The primary purpose is to provide an independent assessment of the information and data security environment as well as the privacy control environment. The assessment includes a description of the controls, the tests performed to assess them, the results of these tests, and an overall opinion on the design and operational effectiveness of those controls.
Whether you need Type 1, Type 2, or Readiness Assessment reporting, and whether your company is faced with SOC 2 regulatory requirements or demands from management, UEI-Technology can help prepare your company for a SOC 2 audit through our readiness assessments. We perform SOC 2 pre-audit assessments with varying levels of support, depending on your internal staff, to save your company money during the actual audit.
Our process will educate you on the requirements of all the framework’s criteria and help you understand any control gaps your organization has related to those criteria and points of focus. A point of focus (POF) is a supporting control that offers considerations and guidance. POFs are not requirements; rather, they serve as clarifications to the criteria and assist an organization as it creates controls.
The scope of our SOC 2 audit report includes the mapping of the controls tested to NIST, ISO/IEC 27001:2013 Annex A / ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2014, HIPAA security requirements, and FFIEC’s examination guidelines for GLBA Information Security.