Accorian Assurance
Accorian Assurance is a leading firm specializing in Service and Organizational Controls (SOC) 1, 2, and 3 audits and attestations. As an AICPA-accredited CPA, we are at the forefront of providing exceptional services to our clients. Whether you are engaged in the inception phase of a new business venture, running an established business, considering an exit strategy for your business holdings, or simply seeking advice and assistance, we offer personalized attention of the highest caliber to ensure that your needs are met with utmost professionalism and care.
Types of SOC 2 Reports
There are two types of SOC 2 reports that organizations can pursue based on their security framework and control maturity:
This report is suitable for companies that are in the process of implementing their security framework and controls. Auditors primarily focus on assessing the organization's security framework, including policies, procedures, and standard operating procedures (SOPs), while overseeing internal controls' implementation. They examine the evidence and provide feedback while capturing the current security posture and identifying any exceptions or deviations. The Type 1 report represents a point-in-time assessment and does not evaluate control maturity.
This report is suitable for companies that have designed, implemented, and maintained a steady state of security controls over six months. The auditor assesses the organization's security framework and control implementation for maturity over this fixed period of time. The Type 2 report provides a comprehensive evaluation of the effectiveness and consistency of the controls, demonstrating the organization's ongoing commitment to security and compliance.
The SOC 2 TSCs (Trust Services Criterias)
The SOC 2 Trust Services Criteria (TSC) for information technology provides a comprehensive framework for developing, implementing, and evaluating information system controls. These controls are essential to ensure that your information system can effectively achieve its objectives.​
Availablity
This TSC emphasizes the importance of demonstrating that a service organization’s systems are consistently and readily accessible. This TSC focuses on ensuring that the organization’s systems are available and accessible to users. It includes components such as system uptime, monitoring, and maintenance to minimize downtime and ensure continuous service availability.
Security
This is the fundamental and essential TSC for SOC 2, encompassing several vital components of an organization’s control environment. The primary objective of the Security TSC is to ensure that the organization effectively protects its systems against intrusion and other risks that could compromise the delivery of services to clients.
Confidentiality
This TSC focuses on demonstrating that sensitive data is effectively protected and prevented from unauthorized access, disclosure, or use. Its purpose is to showcase the organization’s dedication to safeguarding the privacy of client and user information.
Privacy
The Privacy TSC is included in SOC 2 reports to demonstrate that personally identifiable information (PII) is protected and managed responsibly by the organizations that collect, use, retain, release, and dispose of such information. Including the Privacy TSC in SOC 2 reports signifies the organization’s commitment to protecting individual privacy and ensuring compliance with relevant privacy laws and regulations.
Processing Integrity
This TSC focuses on ensuring that systems process data entirely, accurately, and precisely, aiming to demonstrate the trustworthiness of an organization’s data processing techniques. By including the Processing Integrity TSC in SOC 2 reports, organizations showcase their commitment to processing data thoroughly, quickly, and reliably.