Types of SOC attestations
SOC 1
Focuses on business and financial controls and reporting of a service organization.
SOC 2
Focuses on a service organization’s controls related to security, availability, processing integrity of a system, and the confidentiality of the information processed by a system.
SOC 3
A redacted version of a SOC 2 report. Removes proprietary and/or confidential information so that the report can be made public.
SOC for Cybersecurity
Focuses on an entity’s cybersecurity risk management program; meant for investors, boards of directors, and senior management.
SOC for Supply Chain
A report to help entities better assess and manage supply chain risk. Provides an audited track record for customers, business partners, and other interested parties to show a commitment by the entity to these stakeholders.
GAI Cyber offers a full suite of SOC consulting services, with a focus on SOC readiness assessments, including technology solutioning, documentation creation, and process maturation. We have partnerships with accredited CPA firms that will conduct SOC assessments once organizations are ready for independent assessment.
Readiness assessments: GAI Cyber will help you identify and document your controls, determine any gaps that need to be remediated prior to pursuing a Type 1 or Type 2 report, and provide recommendations on how to remediate the gaps identified.
Type 1 reports: We conduct a formalized SOC examination and report on the suitability of design and implementation of controls as of a point in time.
Type 2 reports: We conduct a formalized SOC examination and report on the suitability of design and operating effectiveness of controls over a period of time (six months or longer). A Type 2 report requires sample testing of various controls, such as auditing capability, encryption, logical access, and change management, to ensure that the controls in place were operating effectively during the examination period.