Do you ever outsource part of your IT services? Or, in contrast, are you the organization that works with outsourced services? More and more organizations are using IT service organizations for data processing. An organization that outsources part of its services can impose requirements on the party that performs these services for it. To demonstrate that the requirements are met, a SOC 2 statement can be prepared. This is done by an independent party. This statement can be used to demonstrate that work is done in a reliable and secure manner.
SOC 2 reporting
SOC stands for Service Organization Controls Report. In a SOC 2 report the requirements for organizations that outsource part of their services are included. The report describes the outsourced processes, including the controls. The operation and the actions taken by the organization that takes over the service are also described. The reporting standard makes outsourced processes more auditable. This means that organizations can decide which principles are tested.
SOC 2 statement
We are happy to perform the audit for you that is necessary to obtain a SOC 2 certificate. As every organization is unique, we are happy to discuss your starting position. Together we identify which steps (maybe) still need to be taken to be ready for the audit. We will then draw up a tailor-made proposal for you.