Regulatory Compliance Services
Comply With Various Security Standards
Types of SOC 2 reports
SOC Type 1 is analogous to a “note to reader” financial statement, whereas SOC Type 2 is analogous to an audited financial statement. The most involved, detailed, and valuable SOC certification for evaluating your operations is therefore a SOC 2 Type 2 report.
- Type I – describes a vendor’s systems and whether their design is suitable to meet relevant trust principles.
- Type II – details the operational effectiveness of those systems.
The Main ISO 27001 Guidelines
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts.
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.