Delivering on the Promise of SOC 1 compliance.

Achieve compliance and gain market share ▪ Stop redundant customer audits ▪ Partner with experts who understand your industry and the regulatory pressure you face ▪ Give customers confidence that your service organization meets the highest global standards for internal controls ▪ Differentiate your company from competitors ▪ Eliminate additional customer audits and self-assessment questionnaires ▪ Gain instant credibility, the potential to grow your market share, and the ability to independently assess controls.

Skoda Minotti provides an affordable, efficient approach to SOC 1 (previously SSAE 16) compliance. We bring Big 4 expertise – without the expense – to clients ranging from small private firms to Fortune 500 companies. Our audit specialists will design a customized process to help your organization benchmark and compare internal controls against industry best practices. We also specialize in assisting with first-time compliance.

Understanding SOC 1. SOC 1 is an internationally recognized third-party assurance audit designed for service organizations; it replaced SAS 70 in 2011. Service organizations that impact their clients’ internal controls over financial reporting should consider a SOC 1 report to meet customer requirements. If security, confidentiality, availability or processing integrity is a critical concern, a SOC 2 report may be the more appropriate standard.

Benefits of a SOC 1 report. SOC 1 provides service organizations benchmarks for comparing their internal controls with industry best practices. In addition to a vetted, independent third-party review of your organization, benefits include:

  • Instant credibility
  • Third-party perception
  • Confirmation that controls, procedures, and processes are in place as management intends
  • Independent assessment of controls
  • Potential to grow market share
  • Reduction of third-party self-assessment questionnaires
  • One audit report can satisfy multiple customers

SOC 1 Examination Services:

  • SOC 1 Readiness Assessment. Preparing for your first SSAE 16/SOC 1 audit? This is where we’ll start. Skoda Minotti conducts readiness assessments for organizations that are new to SSAE 16/SOC 1.
  • SOC 1 Transition Services. Ensure compliance with new SSAE 18 requirements as you move from SSAE 16 compliance to this updated standard.
  • SOC 1 Type I. You have policies and procedures in place, but need to gain a better understanding of SOC 1. A Type I engagement prepares an organization for the Type II report, and provides an assurance report on the design of internal controls as of a specified date.
  • SOC 1 Type II. Earn the highest level of assurance for SOC 1. Type II reports not only evaluate the design of controls but also include testing to illustrate the operating effectiveness of your controls over a period of time.

Visit our FAQs to find out more about SOC 1 Type I and II examination reporting.

AT 101 (SOC 2)

SOC 2 is an independent assessment of your organization’s systems against an industry accepted data security program. A SOC 2 report will illustrate your organization’s controls related to security, availability, processing integrity, confidentiality and privacy. Receiving a SOC 2 report from Skoda Minotti will provide you with a valuable report to share with clients and create trust from third-party entities.

Skoda Minotti brings you custom-built assessments, reporting and collaboration tools so SOC 2 engagements can be completed efficiently, effectively and on budget. Our in-house resources and knowledge span across a range of industries, and our IT expertise provides you with the most sophisticated level of service at a fair cost.

Industries for SOC 2. The following industries (and many more) ask us for advice.

[Chart: industries for SOC 2]

*Be sure to consider a SOC 1 (SSAE) report if your service potentially impacts one or more clients’ financial reporting activities.

SOC 2 Criteria. Not sure if you need a SOC 1, 2, 3 or all of the above? A Skoda Minotti specialist will walk you through these reporting standards and advise on what your organization needs to stay compliant, competitive and cost-efficient. SOC 2 reporting criteria are identical to Trust Services/SOC 3; the difference is how the report is formatted. SOC 2 reports provide reporting and testing procedures for third parties to evaluate.

SysTrust / WebTrust (SOC 3)

Earn stakeholders’ trust and drive sales ▪ Achieve verification that your systems protect confidentiality and preserve data privacy ▪ Assure customers that your systems process transactions accurately.

SOC 3 compliance, including WebTrust and SysTrust, is specifically designed for companies seeking independent assurance related to information systems and e-commerce.

Industries for SOC 3. Skoda Minotti serves a range of industries that benefit from SOC 3 audits, including:

  • Application service providers (ASPs)
  • Software as a Service (SaaS)
  • Third-party administrators
  • Payroll providers
  • Professional employer organizations (PEOs)
  • Collection companies
  • Data centers and colocation services
  • Managed service providers
  • ACH processors
  • Health care organizations
  • Financial services

The Trust Framework. The American Institute of CPAs (AICPA) and Canadian Institute of Chartered Accountants (CICA) established the foundation of the Trust Services Framework, which includes:

  • Security – the system is protected against unauthorized access, physical and logical.
  • Availability – the system is available for operation and use as committed or agreed.
  • Processing integrity – system processing is complete, accurate, timely and authorized.
  • Confidentiality – information designated as confidential is protected as committed or agreed.
  • Privacy – personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.


Why Skoda Minotti Risk Advisory Services? 

We’re a full-service advisory firm with niche practice experience—and we are easy to work with. Our creative, talented consultants are committed to implementing the latest technology to build efficiencies. With more than 30 years of proven history in our field, we bring time-tested solutions and the latest innovations to your company. We also engage auditors with certifications such as CISSP, CISA, CISM, QSA, CIA, in addition to our on-site CPAs, in order to complete your company’s audit.

  • Proven customer service
  • High-quality deliverables
  • Driven to meet project deadlines and expectations
  • Reasonably priced

Questions? Contact Ben Osbrach and he’d be glad to help.

Ben Osbrach, CISSP / CISA / QSA