Information Technology Audit Services

Managing IT Solutions aligned with organizational needs and goals. 
An IT audit is the examination and evaluation of an organization's information technology infrastructure, policies and operations.
Information technology audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business's overall goals. IT auditors examine not only physical security controls, but also overall business and financial controls that involve information technology systems.

Services List Includes
  • Evaluate the systems and processes in place that secure company data.
  • Determine risks to a company's information assets, and help identify methods to minimize those risks.
  • Ensure information management processes are in compliance with IT-specific laws, policies and standards.
  • Determine inefficiencies in IT systems and associated management.
 
Cyber Security Services

Your Cybersecurity Solutions Partner
At Assurance Zone, we’re not just protecting users, customers, and patients. We’re protecting your business as well.
Our cyber security services offer tremendous monetary and non-monetary value within your organization. Minimally, an improvement in your security posture keeps confidential, classified, and proprietary business materials out of the hands of competitors. Beyond this, the right cyber security policies and protocols boost employee productivity by minimizing computer system downtime while optimizing your website’s uptime. As you shield computers and hardware from malware, you’re also improving equipment longevity and postponing replacement cost. And as you elevate consumer confidence, you’re better able to attract and retain new business.

Services List Includes
  • Penetration Testing
  • Post-implementation Reviews
  • Red Teaming
  • Cyber security and maturity assessment
  • IT and Security Governance
 
SOC Reports Services

Zero-touch, efficient audits with constant monitoring.
SOC stands for “System and Organization Controls.” These were formerly Service Organization Control reports. SOC is a suite of reports from the AICPA that CPA firms can issue in connection with system-level controls at a service organization. Currently, there is a SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity report offering. In addition, there are SOC + reports where another standard can be added (e.g. HIPAA, HITRUST, NIST, etc.). The AICPA is working on additional SOC offerings to include in the suite.

SOC 1 Reports: A SOC 1 report falls under the Statement on Standards for Attestation Engagements (SSAE) 18 AT-C 320 (formerly SSAE 16 or AT 801), though it is called a SOC 1 rather than by the name of the standard (reports are NOT called SSAE 18s). A SOC 1 report has a financial focus that includes a service organization’s controls relevant to an audit of a service organization’s client’s financials. The service organization (with the assistance of the auditors) determines the key control objectives for the services it provides to its clients. Control objectives will be related to both information technology processes and business processes at the service organization.

A Type I SOC 1 report includes a description of controls (which is the design of the controls) at a service organization as of a specified date. A Type II SOC 1 report includes the same opinions on the description of controls, but it also includes an opinion on the operating effectiveness of controls over a specified period of time. Groups that would be interested in the results of the SOC 1 report could include executives (financial) at the user organization, financial auditors of the service organization, or compliance officers.

SOC 2 Reports: A SOC 2 report also falls under the SSAE 18 standard, though it is specifically addressed in sections AT-C 105 and AT-C 205. The SOC 2 report covers a service organization’s controls, as outlined by the AICPA’s Trust Services Criteria (TSC), that are relevant to its services, operations, and compliance. There are five available criteria: security, availability, processing integrity, confidentiality, and privacy. The security criteria, also referred to as the common criteria, are the only criteria required in a SOC 2. The difference between SOC 1 and SOC 2 is that in a SOC 2, controls meeting the criteria are identified and tested, whereas in a SOC 1, controls meeting the identified control objectives are tested.

Services List Includes
  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

A service organization can choose a SOC 2 report that includes just the security/common criteria, all five criteria, or a combination of the five criteria. The interested readers of the SOC 2 report may also be compliance officers, financial executives, and financial auditors, but could also be an organization’s IT executives, regulators, or partners.

To summarize the comparison of SOC 1 vs. SOC 2 reports:
The SOC 1 addresses internal control relevant to a service organization’s client’s financial statements. The SOC 2 report addresses a service organization’s controls that are relevant to its operations and compliance, as outlined by the AICPA’s Trust Services Criteria (TSC).