SOC 2

SOC 2 Type 1 & 2

Assurance for IT Services

SOC 2: IT Assurance reporting for IT Service Providers.

IT Organizations and IT departments are increasingly outsourcing IT services to specialized suppliers, including SaaS suppliers, data centers and IT Service providers. External regulators are more often demanding that suppliers provide certainty about the IT services provided, including all subcontractors. This can be done by performing a SOC 2 audit at the service provider, after which an IT Assurance is issued as a SOC 2 statement. We at Cyberus have certified IT Auditors and Consultants, and understand how we can relieve organizations in obtaining and maintaining a SOC 2 statement. The Cyberus Consultants assist organizations, from SMEs to Corporates, with achieving the SOC 2 assurance as an IT Audit and Compliance partner. In addition, the Cyberus IT Auditors are able to perform SOC 2 audits and issue assurance statements. For more information feel free to contact us!

'Achieving SOC 2 Statement'

We from Cyberus unburden you in obtaining a SOC 2 statement.


In the execution of the actual IT Audit, Cyberus offers transparency and efficiency in the execution of the SOC 2 audit.


Cyberus uses 4 phases for both audit and advice for SOC 2


Phase 1

Scoping &
Planning

The first step is the inventory of the scope of the SOC 2 report, on the basis of which a planning for the audit trail is drawn up.


The aim here is to determine the planning of the 'SOC 2 audit' or 'SOC 2 implementation process'.


A choice must be made whether it concerns consultancy work or the actual audit.

Level 2

Risk profile &
goal

After the scope and planning have been determined, a risk analysis is carried out and the management objectives are drawn up.


The purpose of this is to further specify the objective of the audit from the actual performance or implementation.




Phase 3

Pre-audit &
Mitigation

During the third phase, the pre-audit will be performed on the implemented control mechanisms. Through the pre-audit, the possible findings can be mitigated.


The goal is it

identify the potential findings and mitigate them before the actual audit takes place.

Phase 4

Audit &
Assurance

During the fourth and final phase, the audit will be performed or support will be provided for the implementation of the audit. This is for the benefit of unburdening.


The aim is to perform the audit or support in obtaining a SOC 2 assurance report in Type 1 or Type 2.

Additional information: SOC (Service Organization Control) statements

In addition to the ISAE statements that are better known in the Netherlands (and internationally), Cyberus also has expertise in SOC (Service Organization Control) and is capable of issuing SOC statements. SOC is the American equivalent of the ISAE statements. This standard has been developed by the AICPA for reporting on the internal controls of service organizations, which are controlled according to the SSAE16 standard. As with the ISAE reports, SOC reports have a type 1 (judgment about implementation at a certain point in time) and type 2 (judgment about operation over a certain period). An exception to this is the SOC 3 report, which only has a type 2. There are 3 types of SOC reports: SOC I: a report based on the SSAE16 /AT 801 and used for reporting on financial processes (similar to the ISAE 3402) SOC II: a report based on the AT101 standard, which does not focus on financial processes, but on the Trusted Service Criteria principles; security, confidentiality, integrity, availability, privacy and processing integrity (similar to ISAE 3000). SOC III: this report is a short form report based on work from a SOCII, but made available to a wider audience (for an overview, see intended audience SOC II, text under ISAE 3000). The summary report may be posted on an organization's website, but with the requirement that the report contains no findings (judgement without any restriction). The exception also applies to SOC III that it only has a type 2 report).

acquaintance

For an introduction to Cyberus, with the consultants and IT auditors about SOC2, please feel free to contact us.


This can be done via virtual appointment or simply at our office with a cup of coffee.


Our office is located at the HSD (the Hague Security Delta) in The Hague next to Den Haag Laan van NOI station. Parking is available under the building.


 In contact met Cyberus

Share by: