Similar to the SSAE 16 SOC 1 audits, SOC 2 audits are available to service providers under the MSP/Cloud Verify program. SOC 2 audits are issued under AT-101, different from SSAE 16. A SOC 2 report is issued by independent accounting firms following a set of criteria called the Trust Services Principles (or TSP). The TSP was established by the American Institute of Certified Public Accountants, or AICPA) to provide a common set of criteria related to information technology subject areas. SOC 2 reports must be issued covering the security criteria and can be expanded to cover subject areas relating to availability, processing integrity, confidentiality and privacy principles.
By blending the MSP/Cloud Verify program and the SOC 2 together, this “dual certification” offers companies a cost-effective and comprehensive audit that is specific to your profession.
Not all SOC 2 engagements are the same
Why? Because, depending on the auditor you use, you may get controls that are not suited to your business model, and more importantly, unimportant to your customers. You may also get an auditor that is really good at accounting but has little knowledge about managed services specific technologies, processes, and service delivery characteristics. Getting a SOC 2 audit report that is based on standards specific to cloud computing and manage service is crucial to providing your customers with the assurance they require.
Our team of trained and experienced global auditors can leverage the MSP/Cloud Verify to significantly
- a) decrease the engagement time
- b) maintain out of control costs
- c) apply controls relevant to your business model!
If customers or partners request SOC 2 audit or if you want to know more about the MSPAlliance program, please contact [email protected] or call 530-891-1340.