7. Provide a Written Statement of Assertion. Yet another requirement for SOC 2 compliance is providing the service auditor (i.e., the CPA performing the SOC 2 engagement) with a written statement of assertion. This assertion, which is a strict requirement for SOC reporting, is essentially a document whereby the service organization’s management must assert to a number of different provisions regarding their overall control environment.
8. Policies and Procedures are Critical. SOC 2 assessments are technical – there’s no debating that – but keep in mind that a large part of today’s compliance mandates – particularly SOC 2 reports – require comprehensive policy and procedure documents to be in place. NDB provides a comprehensive SOC 2 Policy Packet to all of our clients, helping them save thousands of dollars and hundreds of man-hours on critical policy development.
When it comes to saving thousands of dollars and hundreds of operational man-hours for regulatory compliance, NDB delivers a home run in terms of cost savings and efficiencies with our policy templates. What’s more, when properly developed, your information security policies and procedures can often serve to meet numerous other compliance mandates, such as PCI DSS, HIPAA, FISMA, and more.
9. The adoption of SOC 2 is now moving faster than expected. Considering the number of technology-based service organizations that exist in today’s landscape, one would assume that the SOC 2 framework would be widely embraced and immediately adopted. It is, and adoption is moving much faster than expected. While many service organizations initially chose to perform SSAE 16 SOC 1 assessments, the SOC 2 framework is a fast-moving train with no red lights in front of it. Almost any type of technology-driven company in today’s business world is an ideal candidate for SOC 2 compliance, and that’s exactly why it’s witnessing tremendous growth and acceptance. From data centers to cloud computing – and more – SOC 2 is on the rise.
View Part I and Part II of the SOC 2 Reporting Framework Essentials Whitepaper.