With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls.
There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.
Many of our clients and prospects get asked for a “SOC report” without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and with a quick conversation, we […]
In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.
We are frequently asked how long it takes to complete a SOC examination. Unfortunately there is not an answer that fits for every examination because every service organization is different. But, if an organization has controls in place the average time taken for a SOC examination is typically one to three months for Type I reports, and six to 12 months for Type II reports. If controls are not in place, the examination can take longer.
Recently, a client asked if we could provide them some insight on the similarities, differences, advantages, and disadvantages of getting a SOC 2 Security versus an ISO 27001 certification.
A type II SOC 1 (f. SSAE 16) or SOC 2 report (versus a Type I) is the most useful for a service organization to provide to a client. Most reports cover a 12 month period, but can be as short as six months
We hear this question all the time from new clients and prospects. How long will it take for us to prepare the required documentation for a SOC report?
At Linford & Company we perform many SOC 1 (f. SSAE 16) and SOC 2 engagements.