SOC 2 & 3
At End-To-End Computing, we are experienced at delivering Type I and Type II SOC 2 audits that meet the highest levels of user scrutiny and satisfy service organization, user organization, and user auditor requirements.
A SOC 2 compliance report meets the needs of a broad range of users who need information and assurance about controls at a service organization that affect the security, availability, or processing integrity of the systems that the service organization uses to process users’ data or the confidentiality or privacy of the information processed by these.
SOC Audit Examination Overview
Our approach to SOC audits ensures an efficient, minimally invasive engagement with regular communication throughout the process. We guarantee each of our clients will work with highly-skilled professionals whose knowledge spans multiple technical disciplines.
Scope: During joint discussions with management, we determine which people, processes, and technologies relate to the services provided to user organizations.
Prepare: After we obtain the signed agreement, we prepare an initial request list and an illustrative Risk and Controls Matrix (RCM).
Plan: We then plan our interview schedule for the onsite fieldwork.
Arrive: We arrive on-site, typically a Monday morning, and start conducting interviews based on the interview schedule.
Walkthrough: We perform the interviews and conduct walkthroughs of the processes and controls. We obtain documentary evidence to support our audit procedures.
Readiness Assessment: Many first year examinations include a readiness assessment wherein we conduct certain examination procedures and communicate to management any internal control weaknesses.
Write Up: We write up the description of services and the testing performed.
SOC Report: We issue the SOC report.
Engagement Timing: We typically work backward from when the client (i.e., service organization) would like the audit report in their hands to share with their user organizations. This almost always drives the timing of our work.
Duration: This is highly dependent on the scope of the examination and may result in two to five (or more) auditors being onsite for a period of one to several weeks. Typically, more time is spent in the first year of an examination than in subsequent years. Moreover, first year examinations may include two or more site visits. One site visit related to the readiness assessment, another being related to the actual examination.