In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.
We are frequently asked how long it takes to complete a SOC examination. Unfortunately there is not an answer that fits for every examination because every service organization is different. But, if an organization has controls in place the average time taken for a SOC examination is typically one to three months for Type I reports, and six to 12 months for Type II reports. If controls are not in place, the examination can take longer.
Recently, a client asked if we could provide them some insight on the similarities, differences, advantages, and disadvantages of getting a SOC 2 Security versus an ISO 27001 certification.
A type II SOC 1 (f. SSAE 16) or SOC 2 report (versus a Type I) is the most useful for a service organization to provide to a client. Most reports cover a 12 month period, but can be as short as six months
A SOC (Service Organization Control) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.
We hear this question all the time from new clients and prospects. How long will it take for us to prepare the required documentation for a SOC report?
At Linford & Company we perform many SOC 1 (f. SSAE 16) and SOC 2 engagements.
The topic of de-identification of personal information has come up in discussions with clients several times in the past year. In each scenario, our client or potential client is collecting and maintaining a store of personal information which must be protected from breach—customer records, payment card industry cardholder data, electronic protected health information (ePHI), etc. […]
Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth.
So you have begun to be asked by a current client or prospective client for a SOC 2 report.