SOC 2®

Readiness Assessment and Audit Support

Become Your Customers' Trusted Vendor of Choice

Pratum specializes in SOC 2® Readiness Assessments and Audit Support. Our cybersecurity consultants help organizations determine their preparedness to undergo a SOC 2® audit, guide improvements of security controls, and support clients through the entire process.

We help you show clients that you are serious about information security by attesting to your controls through a SOC 2® report.

Pratum’s readiness assessment will ensure you are prepared for a SOC 2® audit on the first attempt. Our experience with numerous AICPA SOC 2® auditors, both large and small, equips us to lead clients through SOC 2® from start to finish.

Pratum’s SOC 2® services include:
  • Readiness Assessment - Identifying Your Current Security Posture
  • Remediation - Filling Your Security Gaps
  • Audit Support - Representing You During the Audit

B2E SOC 2® Audit

A SOC 2® allows us to stay competitive. We’re a pretty small data marketing company, but having the SOC 2® makes us more legitimate in the eyes of potential clients.

Keith Snow, President - B2E

SOC 2® Process

From Readiness to Report

Our process for partnering with CPA firms on SOC 2® engagements ensures a seamless experience for clients from the readiness phase through auditing and reporting. With Pratum leading the readiness portion and the CPA firm leading the examination, we help you hit milestones and receive a report on time with no surprises.

1. Readiness Assessment & Preparation

Duration: 2 - 4 Months

During this phase, we’ll clarify each stakeholder’s expectations for the process and set your company up to obtain your SOC 2® report with minimal distraction from day-to-day operations. Thorough planning now eliminates surprises during the exam period. From the first meeting, we focus on acting as part of your team, not an external consultant.

2. Exam

Duration: 6 - 12 Months

Expert project managers will guide you through a smooth exam process. A clear schedule will show you when to expect all testing objectives and selections. The auditor will follow professional standards for conducting a quality exam focused on collaboration and clear communication. Pratum provides audit support throughout to help you understand the auditor’s requests and provide the right information.

3. Report

Duration: 1 - 2 Months

This is where it all pays off: the SOC 2® report that helps your company retain key clients and win new ones. The auditor will provide a draft report, and Pratum will review it with you to identify any questions or concerns you have. With clear interaction among all parties, the auditor will issue a final report that’s ready for you to share with clients.

Report Types & Trust Services Criteria

Your SOC 2® process begins with selecting the type of report and the Trust Services Criteria that will best meet your business needs. Our experts leverage SSAE No. 18 and their expertise to help organizations select the appropriate report type to pursue and the right Trust Services Criteria on which to base the report.

SOC 2® Type I

  • Point in time report - "As of MM/DD/YYYY"
  • Examines the effectiveness of control design
  • Does NOT test efficiency of control implementation

SOC 2® Type II

  • Covers a period of time; usually 6, 9 or 12 months
  • Examines and tests both effectiveness of control design and operating effectiveness

SOC 2® Trust Services Categories

Security

Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.

Privacy

Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

Availability

Information and systems are available for operation and use to meet the entity’s objectives.

Processing Integrity

System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.

Confidentiality

Information designated as confidential is protected to meet the entity’s objectives.
