
SOC AUDIT & CONSULTING SERVICES

SOC SERVICES

SOC 1 AUDIT

Subject matter: on Controls over Financial Reporting.

Description: When outsourced processes have an impact on the Financial Statement, an audit report on those outsourced processes may be needed/required by the management or auditor of the outsourcer.

SOC 2 AUDIT

Subject matter: on Controls relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy of information. Detailed report addressed to the company.

Description: Commonly used in the IT world when a company outsources some IT processes and needs assurance that those processes are carried out properly. The audit is performed against defined requirements (Trusted Services Criteria); however, which of them apply is adjusted to the given case.

SOC 2+ AUDIT

Subject matter: possible extension of SOC 2.

Description: Includes the SOC 2 criteria plus additional criteria defined in the audit engagement. Usual additional criteria: Description of the physical characteristics of a service organization’s facilities; Historical data related to the availability of computing resources; Compliance with a statement of privacy practices (e.g. GDPR, CCPA, LGTP); Criteria established by an industry group (ISO 27001, ISO 27017, ISO 27701, NIST, FedRAMP, HIPAA, COBIT, etc.).

SOC 3 AUDIT

Subject matter: on Controls relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy of information. General report addressed to possible clients/public.

Description: Audit against the same criteria as SOC 2, but the report is addressed to the public. A SOC 2 report is not published because it contains some sensitive information on internal controls. A SOC 3 report contains more general information, as it is intended to be presented publicly.

SOC FOR CYBERSECURITY AUDIT

Subject matter: on Cybersecurity Risk Management Program and Controls.

Description: Audit performed in accordance with the attestation standards on an entity’s cybersecurity risk management program.

SOC FOR SUPPLY CHAIN AUDIT

Subject matter: on Risk and Controls in a Production, Manufacturing, or Distribution System.

Description: Audit performed in accordance with the attestation standards to provide intended users with information about a system that produces, manufactures, or distributes products and the effectiveness of controls within that system.

SOC CONSULTING

Designing, implementing, maintaining, and consulting on risk & control systems based on the Trusted Services Criteria.

Providing complex services to prepare entities to comply with SOC criteria and support during the SOC audit.

SOC TRAINING

Providing SOC training: designing, implementing, maintaining, and auditing control & risk systems based on TSC requirements.

OTHER SERVICES

Providing other information security, cybersecurity, resilience, and privacy consulting & audit services: ISO 27001, 27017, 27018, 22301, NIST, HIPAA, GDPR, CCPA / CPRA, FedRAMP, STAR, COBIT, CCM, SOX, CIS Controls, NERC. 

Read more: www.itgrcadvisory.com 

ABOUT US

OUR EXPERIENCE

We are an international consortium rooted in the UK, Poland, and the UAE, dedicated to specialized System and Organization Controls (SOC) services. Our commitment to excellence is demonstrated as each audit is meticulously carried out by experienced auditors from inception to completion.

Our team's diverse experience encompasses:
 

  • Comprehensive SOC 1, SOC 2, SOC 3, ISAE 3402, and SSAE 18 audits for diverse entities.

  • Security and IT audits for sectors including finance, energy, oil, and IT.

  • In-depth internal control audits and assessments, executed by skilled internal auditors.

  • Risk analysis for aviation and high-risk installations.

  • GRC system integration, assessment, and guidance.

  • In-depth business failure analysis using diverse methodologies.

  • Implementation and guidance on international compliance and cybersecurity standards.

Our knowledge is your asset. Our proficiencies extend across various domains, including GRC, IT audits, risk management, data protection, and ensuring business continuity. Beyond offering services, our zeal for knowledge-sharing drives us to present lectures, workshops, and training. Recognized by ISACA, a global authority in IT and security, we also provide training both in Poland and throughout the EMEA.

Our portfolio reflects projects of diverse magnitudes, cultures, and legal frameworks. In the realm of regulated, high-stakes markets, our emphasis on managing reputational risk is unmatched in Poland, especially in areas of internal control system attestations as per the American market (SOC) framework.

Our auditors hold international certifications: CPA, Advanced SOC, Cybersecurity Advisory Services, SOC for cybersecurity, SOC for supply chain, CISA, CISM, CRISC, CDPSE, CGEIT, CCAK, CIA, CCSA, CGAP, CRMA, ISO 27001 LA, ISO 20000 LA, ISO 23001 LA, CSXF, ACE, AESGO, GRCP, GRCA, COBIT2019F, COSO Internal Control.

OUR CLIENTS

We have worked for various companies and industries, especially:

  • ICT entities;

  • Startups;

  • Data Centers;

  • Software houses;

  • Financial institutions;

  • Transport companies;

  • Government agencies;

  • Energy & Oil.


STAY IN TOUCH

UK office:

ITGRC ADVISORY LTD.

590 Kingston Road, London, 

United Kingdom, SW20 8DN

Company number: 12435469

Email: office@itgrcadvisory.com

www.itgrcadvisory.com


© 2021 by The SOC Project.
