7. Provide a Written Statement of Assertion. Yet another requirement for SOC 2 compliance is providing the service auditor (i.e., the CPA performing the SOC 2 engagement) with a written statement of assertion. This assertion, which is a strict requirement for SOC reporting, is essentially a document whereby the service organization’s management must assert to a number of different provisions regarding their overall control environment.
8. Policies and Procedures are Critical. SOC 2 assessments are technical – there’s no debating that – but keep in mind that a large part of today’s compliance mandates – particularly SOC 2 reports – require comprehensive policy and procedure documents to be in place. NDNB provides a comprehensive SOC 2 Policy Packet to all of our clients, helping them save thousands of dollars and hundreds of man-hours on critical policy development.
When it comes to saving thousands of dollars and hundreds of operational man-hours for regulatory compliance, NDNB delivers a home run in terms of cost savings and efficiencies with our policy templates. What’s more, when properly developed, your information security policies and procedures can often serve to meet numerous other compliance mandates, such as PCI DSS, HIPAA, FISMA, and more.