
Service Organization Control (SOC1 & SOC2)

SOC is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

A SOC1 report is designed to address internal controls over financial reporting, while a SOC2 report addresses a service organization’s controls that are relevant to its operations and compliance. One or both could be right for your organization.

LP3 begins with an initial assessment of your system using automated compliance software to determine which necessary controls and practices you have already implemented and which you still need to put in place.

These are multi-tiered controls across several categories of security, including:

  • CC1: Control Environment
  • CC2: Communication and Information
  • CC3: Risk Assessment
  • CC4: Monitoring Activities
  • CC5: Control Activities
  • CC6: Logical and Physical Access Controls
  • CC7: System Operations
  • CC8: Change Management
  • CC9: Risk Mitigation

LP3 will deliver subject matter expert security engineering support to assist the client with the SOC2 principles in preparing for a SOC2 audit, and will provide professional services for SOC2 gap remediation. Most of this work can be completed remotely. Occasional conference calls with key stakeholders will be required for data gathering and follow-up.

We are on a mission to PROTECT your data, privacy, and infrastructure.

Let us help you keep your organization safe from a cyberattack.
