Our Services

SOC Advisory and SOC Plus Attestations

Cyber-attacks are growing in frequency and severity, particularly against small businesses. It is no longer a matter of whether a cybersecurity incident will happen, but when it will happen. As businesses’ dependency on technology continues to increase, increases in risks like data breaches, ransomware attacks and fraud. Fields like financial services and healthcare have compliance requirements, but information security and privacy are about much more than simple compliance. With hacks and data breaches on the rise, it’s increasingly important for your organization to keep and earn customers’ trust.
Therefore, Organizations need to establish whether their internal control environment for financial reporting and/or general IT controls is operating as effectively as it should be or to determine ways to increase their cybersecurity efforts.
Organizations that are service providers also need to frequently produce reports that provide assurance to their users related to financial reporting and IT controls; these reports are known as System and Organization Controls (SOC) reports.
EntPerMaSys is experienced in conducting these examinations and guides organizations towards mitigating cybersecurity risk and improving overall cybersecurity posture.
The following reports provide information about your controls to help your customers assess and address the risks associated with your services. (For a detailed comparison, please reference the AICPA.)

SOC 1 Report

A detailed description of your internal controls over financial reporting that impact your customers, so that your customers meet the needs of their management, auditors, and other stakeholders.

SOC 2 Report

A comprehensive description of your internal controls relevant to the security, availability, processing integrity, confidentiality, and privacy of your system.

SOC 3 Report

If you want to be able to share your SOC 2, but don’t need to provide more than an overview related to security, availability, processing integrity, confidentiality, and privacy. Can be readily shared, and used for marketing purposes.

Need to go beyond SOC 2:

SOC 2 Plus

If you want to go beyond the SOC 2 trust services criteria (security, availability, processing integrity, confidentiality, and privacy) and report on another regulatory or compliance framework i.e., HIPAA, GDPR, NIST Cybersecurity Framework, Cloud Security Alliance, ISO 27001, etc.

SOC for Cybersecurity

If you want a general-use report that’s specifically relevant to the organization’s cybersecurity risk management program.

SOC for Supply Chain

Addresses the trust services criteria from SOC 2, relevant to a production, manufacturing, or distribution system.
We look at:

  • Controls in place to protect data and systems
  • Controls customers must implement to ensure system objectives can be achieved
  • Independent testing of controls as of a date in time (Type 1) or for a period of time (Type 2)
How do you know you’re ready for a SOC Attestation ?
The quickest way to find out if you are ready for a SOC examination—especially if this is your first time—is to have a readiness assessment completed. We can help identify gaps and provide realistic recommendations to complete your preparations.
Other Services