SOC 2

Assess, Educate & Remediate

SOC 2 Compliance Certification is an auditing process that demonstrates that your business manages customer data securely and comprehensively, protecting your customers’ privacy and the privacy of the business.

Developed by the American Institute of CPAs (AICPA), SOC 2 audits use five “trust service principles” to examine the way your business manages customer data:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

SOC 2 Compliance Certification audits are performed by a third-party auditor (a certified public accountant) who will then issue the compliant business one of two types of certification:

Type I Certification – Typically the first step organizations might take, Type I is an attestation of compliance with SOC 2 controls at a specific point in time. This demonstrates that an organization has established proper security and privacy hygiene.

Type II Certification – An attestation of compliance with SOC 2 controls over a period of time (at least 6 months). This demonstrates that an organization has not only established proper security and privacy hygiene but is also continuously maintaining it. The independent audit for a Type II certification typically takes six to 12 months to complete.

SOC 2 Readiness

The SOC 2 Certification process requires an assessment by an independent third-party auditor against five trust services criteria: security, availability, confidentiality, privacy and processing integrity. As industry-leading certified cybersecurity & compliance experts (CISSP, CIA, CISA, CEH, PMP), we help you understand the driving needs of the assessment and support you through the SOC 2 Certification process with your third-party auditor.

Columbia Advisory Group’s monitoring services provide continuous compliance and security control effectiveness tracking via our Security Operations Center (SOC) to ensure you maintain the proper ongoing controls. We manage the entire process and act as your security and compliance department during the assessment, audit, examination, and certification.
