Your Path to SOC 2 Compliance
Preparing for a SOC 2 audit can be strenuous and time-consuming, depending on the scope and complexity of the corporate environment. GoldSky Security begins by understanding what is driving the need for a SOC 2 report and assessing the systems that are pertinent to those drivers. The following is our proven Five Step Approach to achieving a SOC 2 attestation:
- Determine Trust Services Criteria in Scope for Examination
- Perform a NIST SP 800-53 based Security Risk Assessment & SOC 2 Gap Analysis
- Design of Controls
- SOC 2 Readiness Testing
SOC 2 Readiness requires guidance from experienced IT Security and Compliance professionals to ensure the controls will satisfy the AICPA Trust Services Criteria the auditor examines against. SOC 2 Readiness should be viewed as a companywide transformation that lets your business gain a competitive advantage in the marketplace. GoldSky Security’s proven process has helped small and midsize businesses obtain a SOC 2 attestation. Call (407) 853-8400 or email us at [email protected] to schedule a free consultation.
Ready to be SOC 2 Compliant? We will get you there.
Contact us to start your SOC 2 journey.
Our experienced team of SOC 2 Implementers will guide you, step-by-step, through the ins-and-outs of becoming compliant.
“We have worked with GoldSky Security over the past few years to perform our annual Security Risk Assessments and to ensure we are compliant with NCUA security standards. The Risk Assessment reports we receive are extremely detailed and the Remediation Roadmaps are easy to understand and follow for our management team. As a result of partnering with GoldSky, we have dramatically increased the security posture of our credit union over time. We look forward to continuing our partnership and would highly recommend GoldSky as a great partner for any company in need of cybersecurity advisory services.”
Jeff Tibbetts Vice President and CIO LSI, Inc
Five Step Process
Determine Trust Services Criteria in Scope for Examination
The trust services criteria are organized into five categories: Security, Availability, Processing Integrity, Confidentiality and Privacy. Security (the common criteria) is included in every SOC 2 examination; the remaining four are added to the scope only when they apply to the service commitments your organization makes to its customers.
Perform a Security Risk Assessment & SOC 2 Gap Analysis
GoldSky performs a NIST based security risk assessment, examines control effectiveness, and identifies the gaps and vulnerabilities that exist within the organization. This assessment serves as the baseline for the journey toward a SOC 2 attestation.
Design of Controls
Evaluate the control environment against the SOC 2 criteria for the chosen Trust Services Categories to identify gaps that require remediation. The assessment consists of the following steps:
- Mapping of existing controls to the framework
- Documentation of gaps and “future state” controls
- Identification of remediation plans
The Remediation Plan serves as a detailed Roadmap in preparation for the SOC 2 report. It lays out the detailed steps and deliverables needed to satisfy each control criterion, achievable timelines for completing them, and the remediation stakeholders responsible for driving and tracking progress.
SOC 2 Readiness Testing
GoldSky will perform readiness testing to confirm that the company’s controls operate as intended. This should be done before engaging the auditor. Readiness testing reduces the risk of exceptions that could result in a qualified opinion and validates the assertions management made during the documentation and remediation phases. Only when a company has performed readiness testing and addressed any operating effectiveness issues it uncovered should management feel confident to move forward with the SOC 2 audit.
“We were very pleased with the service from GoldSky. In addition to being very professional and knowledgeable, they communicated with our management team every step of the way, so we knew what was going on at all times. Once the project was completed, they delivered a detailed report about the work they did and made recommendations on how to improve our IT infrastructure moving forward. We will continue to use GoldSky as the need arises and would recommend their services without hesitation.”
David Kendall COO Cobb Cole