SOC 2

SOC 2 is a voluntary compliance standard that specifies criteria and guidelines for how organizations should handle customer data security, based on five trust service principles (TSPs): security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are unique to each organization and reflect its specific business practices. Many variables influence the effort required to prepare a system for audit and authorization. SOC 2 reporting is a continuous effort to implement and evaluate controls consistently. HanaByte can automate and implement compliance services and can advise the organization’s personnel who conduct a SOC 2 readiness assessment before submission to a formal SOC 2 audit. We can coach you on selecting an audit and certification firm (CPA, Certified Public Accountants) appropriate for your business.

There are two types of SOC 2 reports:

  • Type 1, describing the organization’s systems and its compliance with the trust principles at a certain point in time
  • Type 2, detailing the operational efficiency of the systems and controls over a period of time

SOC 2 Workshops

Scope

  • Perform workshops on SOC 2 processes and authorization – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business.

Deliverables

  • Delivery of a variety of workshops covering SOC 2 processes/authorization paths including topics of TSPs and general security best practices
  • Regular remote meetings to track progress that best fits your schedule

Personnel

  • Security Consultant(s) will be assigned to the engagement for a flat fee.

Customer Responsibilities

  • Provide access to related documentation and in-scope systems.

SOC 2 Advisory Services

Scope

  • Guidance in assessing your existing services and their control implementations, infrastructure, software, people, policies, procedures, and relevant documentation against known frameworks, as relevant to SOC 2.
  • Guidance through SOC 2 processes and authorization – including the importance of educating key stakeholders, technical personnel, and support teams on a variety of topics.
  • Guidance on which TSPs are relevant to your organization, since the SOC audit report is not required to cover every TSP.

Deliverables

  • Regular meetings to advise on SOC 2 processes and review paths, including topics of TSPs
  • Regular meetings to provide recommendations with third-party companies

Personnel

  • Security Consultant(s), billed hourly as needed for the engagement

Customer Responsibilities

  • Provide access to related documentation and in-scope systems

SOC 2 Gap Assessment

Scope

  • Assessment of your existing services and their control implementations, infrastructure, software, people, policies, procedures, and relevant documentation in order to perform a gap analysis against the framework
  • Creation of a report with a detailed roadmap of efforts with regard to people, processes, and technology, with recommendations for all unmet requirements

Deliverables

  • Detailed gap assessment includes review of your environment, information security policies, procedures, personnel, and controls
  • Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular remote meetings to track progress

Personnel

  • Security Consultant(s), billed for 5 full days per week for the engagement
  • Expected turnaround time of engagement to be 2-4 weeks

Customer Responsibilities

  • Provide access to related documentation and in-scope systems

Scope

  • Assessment of your existing services and their control implementations, infrastructure, software, people, policies, procedures, and relevant documentation in order to perform a gap analysis against the framework
  • Perform workshops on SOC 2 processes and authorization – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business
  • Creation of a report with a detailed roadmap of efforts with regard to people, processes, and technology, with recommendations for all unmet requirements

Deliverables

  • Detailed readiness assessment includes review of your environment, information security policies, procedures, personnel, and controls
  • Delivery of a variety of workshops covering SOC 2 processes/authorization paths including topics of TSPs
  • Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular meetings to track progress

Personnel

  • Security Consultant(s), billed for 5 full days per week for the engagement. One or more HanaByte Security Consultants may travel to your organization’s site to conduct hands-on assessment and workshops.
  • Expected turnaround time for a full SOC 2 launch engagement is 4-6 weeks, depending on the type of SOC 2 report engagement required.
  • Gap assessment and workshops may be conducted concurrently for a reduced turnaround time when multiple HanaByte Security Consultants are assigned

Customer Responsibilities

  • Provide access to related documentation and in-scope systems