IT Governance, the fast-growing cyber security services provider, has launched a new consultancy service for SOC audit preparation (based on ISAE 3402 or SSAE 16), aimed specifically at service provider organisations, including Cloud and outsourced managed hosting solutions providers. The consultancy service is designed to help these types of organisations prepare for a “SOC 2 or SOC 3 audit”, which is often requested of organisations that wish to provide services to financial institutions, amongst others.
Alan Calder, Founder and Executive Chairman of IT Governance, says, “A successful SOC report, which is based on either an ISAE 3402 or SSAE 16 audit, enables service organisations to partner with a tier one institution without having to undergo prior, extensive due diligence. It also provides the necessary reassurance to clients that their data is protected - from initial development stage through to quality assurance, data backup and data availability.”
A SOC report represents a detailed analysis of the internal management processes and controls that an organisation employs. A SOC 2 and 3 report demonstrates an organisation’s commitment to system availability and proper data handling – by providing information on non-financial controls that affect data security, privacy, availability, confidentiality and processing integrity. A provider may choose to undertake a SOC audit to confirm that the security, availability and correct data safeguards are in place within a Cloud platform to provide the necessary reassurance to its clients.
Although a SOC audit can only be conducted by a qualified chartered accountant, the consultancy service offered by IT Governance will help organisations to implement and maintain the necessary controls to achieve a successful audit outcome. The controls that are reported cover procedures and controls for operation and monitoring, physical security, procedures and controls for back-up, disaster recovery plans, and procedures and controls for physical and logical access to facilities.
Calder adds, “Our service is designed to help service providers prepare for a successful SOC 2 and 3 audit by applying a range of principles and controls from international standards on information- and cyber security, i.e. ISO 27001:2013, the 20 Critical Cyber Security Controls, or Cloud-specific controls. Thanks to our extensive experience with information security management systems we are ideally placed to apply a combination of a set of customised organisation-specific controls.”
More information on the IT Governance SOC reporting service is available here: www.itgovernance.co.uk/soc-reporting.aspx