6. Obtain the SOC 2 Book from the AICPA. The American Institute of Certified Public Accountants (AICPA) offers a comprehensive book that discusses all technical aspects of SOC 2 reporting. It is titled “Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2)”, was published in March 2012, and is available for purchase from cpa2biz.com.
7. Truly understand what the Trust Services Principles are. The five (5) TSPs can seem overwhelming at first, but they are relatively easy to understand and quite straightforward. More specifically, the TSPs are about having documented policies, procedures, and processes in place that speak to one’s daily operational environment. NDNB Accountants provides industry-leading SOC 2 audit report policy and procedure templates, so contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to learn more. While SOC 2 audit reports are generally seen as technical, it is very important to understand the true intent of the TSPs – and that is having documented policies, procedures, and processes in place.
8. Get Policies and Procedures. That’s right, one of the most important – and often neglected – areas surrounding SOC 2 audit reports is the comprehensive set of information security policies and procedures needed for compliance. Remember, a large part of each of the TSPs requires policies and procedures as part of its actual framework, all the more reason to obtain comprehensive information security policies and procedures. NDNB provides a complete set of SOC 2 audit report templates as part of each engagement – all the more reason to consider us – and our fixed-fee pricing model – when looking for a high-quality SOC 2 audit firm. Learn more about NDNB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.
10. Be aware of the continued growth in regulatory compliance. Similar to item #9, businesses need to proactively plan – both financially and operationally – for the continued surge of regulatory compliance mandates. SOC, PCI, and HIPAA are well known, but there are many more, such as ISO and EI3PA, just to name a select few. As stated earlier, working with a well-known, highly skilled firm can help save thousands of dollars and hundreds of operational man-hours on compliance audits. It all comes down to planning and understanding client expectations and deliverables for today’s growing regulations. And to be sure, this is just the beginning, as many more compliance requirements will be forced upon businesses. As you can clearly see, service organizations need to be concerned with much more than just SOC 2 audit reports.
View Part I, SOC 2 Audit Report | 10 Things You Need to Know About.