SOC 2 is a voluntary compliance standard that specifies criteria and guidelines for how organizations should handle customer data security, based on five trust service principles (TSPs): security, availability, processing integrity, confidentiality and privacy. SOC 2 reports are unique to each organization and conform to its specific business practices. Many variables influence the effort required to prepare a system for audit and authorization. SOC 2 compliance is a continuous effort to implement and evaluate controls consistently. HanaByte can automate and implement compliance services and can advise the relevant organization personnel conducting a SOC 2 readiness assessment before submission to a formal SOC 2 audit. We can coach you on selecting an audit and certification firm (CPA, Certified Public Accountants) appropriate for your business.
There are two types of SOC 2 reports:
Type 1, describing the organization’s systems and their compliance with the trust principles at a certain point in time.
Type 2, detailing the operational efficiency of the systems and controls over a period of time.
Perform workshops on SOC 2 processes and authorization – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business.
Deliverables
Delivery of a variety of workshops covering SOC 2 processes/authorization paths including topics of TSPs and general security best practices
Regular remote meetings to track progress that best fits your schedule
Personnel
Security Consultant(s) will be assigned to the engagement for a flat fee.
Customer Responsibilities
Provide access to related documentation and in-scope systems.
Guidance in assessing your existing services and their control implementations, infrastructure, software, people, policies, procedures, and relevant documentation against known frameworks in accordance with SOC 2 relevance.
Guidance through SOC 2 processes and authorization, including the importance of educating key stakeholders, technical personnel, and support teams on a variety of topics.
Guidance on which TSPs are relevant to your organization, since not every TSP needs to be audited in the SOC 2 audit report.
Deliverables
Regular meetings to counsel SOC 2 processes and review paths including topics of TSPs
Regular meetings to provide recommendations on working with third-party companies
Personnel
Security Consultant(s), billed hourly as needed for the engagement
Customer Responsibilities
Provide access to related documentation and in-scope systems
Assessment of your existing services and their control implementations, infrastructure, software, people, policies, procedures, and relevant documentation in order to perform a gap analysis against the framework
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements
Deliverables
Detailed gap assessment includes review of your environment, information security policies, procedures, personnel, and controls
Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular remote meetings to track progress
Personnel
Security Consultant(s), billed five full days per week for the engagement
Expected turnaround time of engagement to be 2-4 weeks
Customer Responsibilities
Provide access to related documentation and in-scope systems
Assessment of your existing services and their control implementations, infrastructure, software, people, policies, procedures, and relevant documentation in order to perform a gap analysis against the framework
Perform workshops on SOC 2 processes and authorization, educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business.
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements
Deliverables
Detailed readiness assessment includes review of your environment, information security policies, procedures, personnel, and controls
Delivery of a variety of workshops covering SOC 2 processes/authorization paths including topics of TSPs
Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular meetings to track progress
Personnel
Security Consultant(s), billed five full days per week for the engagement. One or more HanaByte Security Consultants may travel to your organization’s site to conduct hands-on assessments and workshops.
Expected full SOC 2 launch turnaround time of the engagement is 4-6 weeks, depending on the type of SOC 2 report engagement required.
Gap assessment and workshops may be conducted concurrently for a reduced turnaround time when multiple HanaByte Security Consultants are assigned.
Customer Responsibilities
Provide access to related documentation and in-scope systems