AuditOne Inc.’s sole focus is to perform SOC reviews and related consulting assessments, and to issue SOC 1, SOC 2, or SOC 3 SysTrust ® reports. Most of our clients benefit from an informed consultation designed to determine the best and most cost-effective strategy to follow in order to meet their goals.
Why You Need a SOC Report
Financial institutions, health care providers, and other corporations (user entities) are required to perform due diligence and ongoing monitoring of the safety, integrity and related controls over their data when it is being handled by a third party. SOC reports provide the user entities information on the service provider’s systems and related controls. If you are an organization providing outsourced services to a company, your customer may be required to obtain a SOC report from you.
AuditOne’s SOC Service Offerings
- Annual Risk Assessment (AICPA – SOC requirement)
- Annual Penetration Testing (AICPA – SOC requirement if applicable)
- HIPAA Security Rule Assessment Report
- Annual SOC 1 or SOC 2 Report
- Annual SOC 3 SysTrust ® Report
- SSAE 18 consulting
Annual Risk Assessment
Companies completing a SOC 1, SOC 2 or SOC 3 report must satisfy the AICPA “Identification of Risks” concept. Our risk assessment process normally begins with a secure, cloud-based exchange of documents for our offsite review and ends with a week or less of on-site work.
Annual Penetration Testing
Annual penetration testing helps you protect your critical IT infrastructure by identifying and validating known security vulnerabilities for both public-facing and internal resources. Penetration testing is a project of about a week, which typically includes both offsite and on-site interaction.
HIPAA Security Rule Assessment Report
All HIPAA-covered entities and business associates are required to conduct or update an IT security risk analysis on a regular and ongoing basis. A HIPAA security rule assessment report is delivered at the end of the engagement and can be given to end customers if requested.
Annual SOC 1 or 2 Report
A SOC Report (Service Organization Controls Report) is a report on controls at a service organization. For first-time SOC clients, a SOC audit may include offsite consulting as needed to prepare. The SOC audit engagement concludes with one to two weeks on site.
Annual SOC 3 SysTrust ® Report
A SOC 3 SysTrust ® report is a publicly displayable summary version of the SOC 2 report. The SOC 3 SysTrust ® website seal can be displayed on your public website after the completion of the audit work and resulting report. A completed SOC 2 audit is required concurrently with or prior to performing a SOC 3 SysTrust ® audit and resulting report.