Compliance Services

SOC Reporting Services

Establish and report controls to differentiate your organization

Maximize Return on Investment | 100% On Time Delivery | Audit Automation
Over 65% of security breaches can be traced to third parties. SOC 2 attestation reports help service organizations give their customers assurance and confidence that the organization has the right processes and controls in place to properly secure their data.

A System and Organization Controls report (SOC 1, 2 or 3 report) is widely recognized around the world and is a great way to ensure trust and confidence in your security and financial control posture. SOC 1 reports follow the guidance from the AICPA’s Statement on Standards for Attestation Engagements No. 18 (SSAE 18, formerly SSAE 16) and SOC 2 reports follow AT Section 101.

Reports include:

SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to user entities’ internal control over financial reporting and are potentially used in an audit of a user entity’s financial statements.

SOC 2 reports address controls at a service organization related to the Trust Service Principles (TSPs) of security, availability, processing integrity of a system, or the confidentiality or privacy of the information processed by that system.

SOC 3 reports address the same subject matter as SOC 2 engagements; however, use of these reports is not restricted. Anyone may use these reports, and they may be posted on a website under a seal. To allow for this, the SOC 3 report is typically a version of its SOC 2 counterpart with any proprietary and/or confidential information redacted, enabling it to be publicly available.

How we can help

We offer the following services to help service providers with their SOC reporting needs.

GDPR Compliance | General Data Protection Regulation

Part of a sound data governance program

The General Data Protection Regulation (GDPR) is an imperative for organizations that store and process EU personal data. These organizations are at all stages of the journey, from initial planning through finalizing strategic implementations. Our industry-leading GDPR experts are here to assist you every step of the way.

An increased level of accountability is required with regard to data protection; make sure you are prepared all the way down to the process level.

Why GDPR?

Our services include:

GDPR Gap Assessment – TBO offers a gap assessment service conducted using an interactive workshop and process review. Using our cybersecurity expertise, our CIPP-certified consultants provide strategic and tactical recommendations to give you a clear picture of your company’s readiness and direction on what next steps you should take.

GDPR Advisory Services – Our industry experts deliver projects tailored to your particular needs. Whether it is policy and procedure updates to account for changes in breach notification communication, third-party assessments to ensure your vendors follow the processes you expect, or cyber engineering to re-architect data flows and storage, we provide trusted insights and advice.

GDPR Attestation/Audit – We provide cybersecurity assurance services in order to validate your compliance and deliver documentation you can share with the relevant data protection authorities.

Why Choose Us as your GDPR Partner?

NYDFS | New York Cybersecurity Regulation

The New York Financial Services Cybersecurity Regulations have been developed to address significant cybersecurity threats to the financial services industry. The regulations prescribe certain standards for a financial service company’s cybersecurity program for the purpose of promoting protection of customer information and protecting regulated information systems.

Third Party Risk | Managing Mission Critical Vendors

Imagine a one-of-a-kind vendor management platform to assess and inventory vendors all in one place. Whether it is an outsourced data center, a team of developers, or a direct mail provider, we are all trusting the care of mission-critical data and business processes to a business partner. For this reason, it is more important than ever to have an effective and transparent third-party risk management program.