standard

SOC 2 consultants

SOC System and Organisation Controls 

AvISO specialises in helping you provide a compliant SOC 2 report across Kent, the Southeast, London and UK Wide. 

Requirements: SOC 2 

More information on this standard...
Scroll down
case studies

in brief

SOC stands for ‘System and Organisation Controls’. The SOC 2 framework applies to all services organisations which store data that wish to convey assurance. Its primary objective is to ensure the safety and privacy of your customer’s data. SOC 2 was developed by the American Institute of Certified Public Accountants and defined its principles for managing customer data on five “trust service principles”

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy
A SOC 2 examination report provides your client with the detailed information and assurance they need on safety and privacy as a provider of services. Unlike other standards, SOC 2 reports are unique to each organisation and are broken down into Type I and Type II. 
  • Type I - assessment of the effectiveness of controls at a point in time
  • Type II - assessment of the effectiveness of controls over a period (typically nine months)

Outside auditors’ issue SOC 2 certification. They assess the extent to which an organisation has complied with one or more of the five trust principles based on the systems and processes in place.

why work with AvISO

  • AvISO has a 100% success rate of achieving UKAS accredited certification to ISO 27001:2013 for our clients
  • AvISO has experience with a wide selection of ISO standards, including ISO 27001:2013, so can offer tried and tested advice on their implementation and integration
  • We are recommended buy all the major Certification Bodies for ISO 27001:2013 Consultancy
  • AvISO has built excellent relationships with Cranfield Universities
  • With an exceptional In-House team of ISO 27001:2013 Consultants and working closely with a rigorously selected group of Technical Experts ensures you receive the best possible service whatever your project.

What is SOC2?

SOC 2 is a set of standards established by the American Institute of Certified Public Accountants (AICPA) for evaluating and reporting on the internal controls of a service organisation related to security, availability, processing integrity, confidentiality, and privacy.

It is commonly used by organisations that provide cloud-based or other outsourced IT services. The goal of SOC 2 is to provide assurance to customers and stakeholders that the service organisation has appropriate controls in place to protect sensitive data and maintain the availability and integrity of its systems.

What are the different types of SOC2:

Question icon ISO consultancy London

SOC2 Type 1

SOC 2 Type 1 is a report on the design and implementation of controls at a service organisation relevant to security, availability, processing integrity, confidentiality, or privacy. It is an examination report that provides assurance about the design and implementation of the service organisation's controls at a specific point in time.

The examination is performed by an independent auditor who is a member of the AICPA and is conducted in accordance with the AICPA's SOC 2 standard. The SOC 2 Type 1 report includes the auditor's opinion on the design and implementation of the controls. Still, it does not include testing of the operating effectiveness of the controls over a period of time. This type of report is intended to provide customers and stakeholders with an independent assessment of the service organisation's controls as they existed at a specific point in time, which can help them make informed decisions about using the service organisation's services.

Question icon ISO consultancy London

SOC2 Type 2

A SOC 2 Type 2 report is an examination report that provides assurance about the effectiveness of a service organisation's controls over a period, typically six months. It is a report on the controls at a service organisation relevant to security, availability, processing integrity, confidentiality, and/or privacy.

The examination is performed by an independent auditor who is a member of the AICPA and is conducted in accordance with the AICPA's SOC 2 standard. A SOC 2 Type 2 report includes the auditor's opinion on the design and implementation of the controls and testing of the operating effectiveness over time. The report is intended to provide customers and stakeholders with an independent assessment of the service organisation's controls, which can help them make informed decisions about using the service organisation's services.

Question icon ISO consultancy London

SOC2 Type 2+

SOC 2+ is a term that is sometimes used to refer to an enhanced version of the SOC 2 report that includes additional assurance on the service organisation's compliance with other relevant regulations or standards, such as HIPAA, PCI-DSS or ISO27001.

SOC 2+ report is an examination report that provides assurance about the effectiveness of a service organisation's controls over a period, typically six months. In addition to SOC 2 criteria, it covers additional compliance requirements as well.

The SOC 2+ report is intended to provide customers and stakeholders with an independent assessment of the service organisation's controls, which can help them make informed decisions about using the service organisation's services. It is important to note that SOC 2+ is not an official AICPA term; it’s a term that some service providers use to indicate they have met multiple compliance standards.

Question icon ISO consultancy London

Summary of the different SOC2 Types

SOC 2 Type 1 reports on the design of controls, while SOC 2 Type 2 reports on the operating effectiveness of those controls. SOC2 Type 1 is usually not accepted by business partners; therefore, for an organisation, the goal is to achieve SOC2 Type 2.

SOC 2+ is a version of the SOC 2 report that includes additional assurance on the service organisation’s compliance with other relevant regulations or standards, such as HIPAA, PCI-DSS or ISO 27001. In other words, it is an integrated management system.

information guides

ask a question

If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk

By filling out this form, you agree to the terms laid out in our privacy policy
Thank you!
Your submission has been received, one of our team members will be in touch soon.
Oops! Something went wrong while submitting the form.
choose a standard

What Standard are you looking to obtain:

ISO 9001 – Quality Management System Standard
ISO 14001 – Environmental Management System Standard
ISO 27001 – Information Security Management System Standard
ISO 20001 - Information Technology Service Management Part 1
ISO27701:2019 – Privacy Management System Standard
ISO 30071-1 - Digital Accessibility Standard
ISO 37001 – Anti-Bribery Management System Standard
ISO 45001 – Health and Safety Management Standard
ISO 50001 – Energy Management System Standard
ISO 14064:1 - Quantification And Reporting Of Greenhouse Gas Emissions And Removals
ISO 14067 - Carbon Calculator
PAS 2060 - Carbon Neutrality
ISO 17024 - Conformity Assessment of the Certification of Persons
ISO 17025 – The competence of testing and calibration laboratories
ISO 20121 – Event Sustainability Management System Standard
ISO 37301:2021 – Legal Compliance Management System 
ISO 31000 - Risk Management
ISO 37002 - Whistleblowing
ISO 22000 – Food Safety Management System Standard
BES 6001 - Responsible Sourcing of Construction Products
ISO 22301 – Business Continuity Management System Standard
IATF 16949 – Automotive Quality Management System Standard
ISO 44001- Collaborative business relationships
BS 8900 - Guidance for managing sustainable development
CYBER ESSENTIALS – Cyber Security
SOC2 Compliance
ESOS – Energy Savings Opportunity Scheme
FIAS – Fertiliser, Security & Traceability
Lexcel – Legal Management System
MOD Standards
SECR - Streamlined Energy and Carbon Reporting
TISAX® – Information Security for the Automotive Industry
AS 9100 - Aerospace Quality Management System | Aqms
esos Energy Audits
B CORP CERTIFICATION
ISO 45003 - Occupational Health and Safety Management
ISO 42001:2023 - Artificial Intelligence 
Need more info? Let us know how we can help
get in touch
Ask a Question
By clicking “Continue To Site”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.