The Service

SOC 2® (System and Organisation Controls) is an audit which reports on the level of controls at a Service Organisation, and includes controls relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.

Organisations that participate undergo an examination by a registered member of the American Institute of Certified Public Accountants (AICPA) in order to receive their SOC 2 Report.

These reports are intended to demonstrate assurance to partner organisations and customers that the controls at a service organisation relevant to security, availability, and processing integrity are secure and fit for purpose.

At BH Consulting we offer a SOC 2 service where we assess current operations and controls and then help clients align to the requirements of SOC 2.

The Benefits

  • Demonstrate your organisation’s commitment to security compliance

  • Enhance your ability to obtain and retain international customers, particularly those in the US

  • Reduce the compliance burden by providing one report that addresses the shared needs of multiple parties

The Challenge

Vendor management programmes are becoming more rigorous, whilst the demand for third-party suppliers to provide detailed information and assurance about the security and privacy controls has become challenging and time-consuming. SOC 2 Reports (and ISO 27001 Certification) present an effective way of demonstrating that security management best practice is followed in your organisation.

Our Process

We follow this process in preparing clients for SOC 2 examinations:

Step 1: Review and agree on the SOC 2 Trust Service Categories that are in Scope, from:

  1. Security (information and systems are protected against unauthorised access, unauthorised disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to achieve its objectives)
  2. Availability (that information and systems are available for operation and use to meet the entity’s objectives)
  3. Processing Integrity (over the provision of services or the production, manufacturing, or distribution of goods)
  4. Confidentiality (to ensure information designated as confidential is protected to meet the entity’s objectives)
  5. Privacy (in terms of personal information collected, used, retained and disclosed to meet the entity’s objectives)

Step 2: Conduct a SOC 2 Gap Analysis and provide a report of findings and recommendations

Step 3: Provide assistance with alignment to SOC 2 and the implementation of controls

Once these steps are complete, clients are ready to undergo a SOC 2 examination. BH Consulting have partnered with a registered CPA organisation to conduct the SOC 2 Examination and provide the SOC 2 Report.

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.