OUR TEAM OF CYBERSECURITY EXPERTS CAN HELP YOU TO ACHIEVE COMPLIANCE.
If you do not have time or a skilled and qualified resource, we can help your organization in planning, assessing current and desire security posture along with identifying all risks, vulnerabilities, and operational and processes driven fatal red flags followed by working to deploy all required countermeasure security controls to reduce, mitigate, or transfer risk.
Since 2000, Our professional team members have assisted U.S. Federal Government Agencies, State of California Government Agencies, and Fortune 100, 500, and 1000 public and private world-class international companies to identify cybersecurity threats, vulnerabilities, business and processes gaps, and red flag, and able to timely deploy security countermeasure solutions and/or compensating or alternative controls which reduce or eliminate security risks, threats, and vulnerabilities.
We specialize in Enterprise Security Strategies and Planning, Risk Assessment, Infrastructure, and Web Application Cyber Security Threats Assessment, Cloud Security, Security Compliance Standard (SOX, PCI-DSS v3.1, HIPAA, FISMA, NIST-800), Security Awareness, Policy Program along with unique and hybrid expertise evaluating and assessing Vendors and Business Partner Security Risk Assessment. Our mission: Your Rock-Solid Security is Our # 1 Priority.
With our years of real-world hands-on work expertise, special skills, and our unique methodologies, we can make your company “Hack-proof, Hack-resilient, and Security-compliant!”
SOC audit services and provide quality SOC reporting for public and private organizations across various industries throughout the U.S.
A SOC 1 report focus and examination results in a formal, independent report on controls that affect user entities’ financial reporting process or SOX 404 key controls.
A SOC 2 report can play an important role in the oversight of your organization, vendor management programs, internal corporate governance, and risk management processes.
The report is based on Existing SysTrust and WebTrust principles, relevant to
-Security
-Availability
-Processing
-Integrity
-Confidentiality
-Privacy
Details about testing performed
Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 and became effective on June 15, 2011. You can order a copy of SSAE 16 from the AICPA’s online store at http://www.cpa2biz.com – publication number 023035.
SSAE 16 was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the new international service organization reporting standard – ISAE 3402. SSAE 16 also establishes a new Attestation Standard called AT 801 which contains guidance for performing the service auditor’s examination.
Many service organizations that previously had a SAS 70 service auditor’s examination (“SAS 70 audit”) performed converted to the new standard in 2011 and now have an
SSAE 16 report instead – also referred to as a Service Organization Controls (SOC) 1 report.
Statement on Auditing Standards No. 70: Service Organizations, commonly abbreviated as SAS 70 and available full-text by permission of the AICPA, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) with its content codified as AU 324. SAS 70 provides guidance to service auditors when assessing the internal controls of a service organization and issuing a service auditor’s report. SAS 70 also provides guidance to auditors of financial statements of an entity that uses one or more service organizations. Service organizations are typically entities that provide outsourcing services that impact the control environment of their customers. Examples of service organizations are insurance and medical claims processors, trust companies, hosted data centers, application service providers (ASPs), managed security providers, credit processing organizations and clearinghouses.
There are two types of service auditor reports. A Type I service auditor’s report includes the service auditor’s opinion on the fairness of the presentation of the service organization’s description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives. A Type II service auditor’s report includes the information contained in a Type I service auditor’s report and also includes the service auditor’s opinion on whether the specific controls were operating effectively during the period under review.
