SOC

A SOC 1 report is mainly concerned with examining controls over financial reporting, whereas the SOC 2 and SOC 3 reports focus more on the pre-defined, standardized benchmarks for controls related to security, processing integrity, confidentiality, or privacy of the data center’s system and information.

  • SOC Advisory Services
  • SOC Assessments

We will verify your organisation's compliance with defined SOC metrics and submit compliance reports for:

  • Overview of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory overview
  • Verifying that your organization has the proper internal controls and processes in place to deliver high quality services to your clients.
  • Evaluating your policies and procedures, which are crucial to the operability of your organization.
  • Assuring clients that their sensitive data is protected, building trust between service providers and user organizations.
  • Removing the internal blinders; personnel often can’t or don’t want to see vulnerabilities that an experienced auditor does.
  • Strengthening your environment, and teaching you ways to mature your practices.
  • Giving you a competitive advantage by demonstrating your commitment to security.

Statistics

  • Lack of skilled staff is the #1 SOC shortcoming; inadequate automation/orchestration is at #2.
  • Only 54% of SOCs use metrics.
  • 31% of SOCs are staffed with 2–5 people, 36% of SOCs are staffed with 6 to 25 SOC personnel, while 11% had 26 to 100 SOC staff members.

Source: SANS 2018 SOC Survey