SOC2 - Szolgáltató szervezetek tanisítása

Article

SOC2 – Reporting on Service Organization Control

An efficiently managed IT security control environment is key for any organisation. Inadequately protected IT systems can leave companies vulnerable to threats such as unauthorised access to business-critical data, malware-induced disruptions, or other IT incidents that affect business continuity. The situation is even more critical if the organisation processes or stores confidential data for its customers as part of an IT service.

To help service organisations provide assurance on the adequacy of controls that mitigate risks to their customers, the American Institute of Certified Public Accountants (AICPA) has developed a 5-step audit process based on the "Trust Service Principles" that assesses a service organisation's internal controls for security, confidentiality, processing integrity, availability and privacy, using general compliance requirements.

At the end of the process, an independent auditor's SOC2 (Service Organization Control) report is issued. SOC2 report can be used to show customers that the service organisation operates an effective information security environment. For SOC2 reporting the best cases usually include companies that store/process customer data, provides trust services or wants to provide assurance on the operational effectiveness of information security controls for its customers. For security-conscious businesses, requiring SOC2 reports has now become a baseline when considering the use of an IT service provider, and is often included in contracts.

Deloitte Third-Party Risk Management Global Survey Report 2020

Deloitte has more than 15 years of experience in conducting SOC1/SOC2 audit investigations. We pride ourselves on our team of experts, whose main profile is to coordinate and conduct these audits efficiently while meeting our clients' needs. We are able to issue both SOC2-Type I (design of IT controls) and SOC2-Type II (implementation and operational effectiveness) audit reports.

By having our assurance SOC2 audit report, our clients can gain a significant
market advantage and enhance their brand and reputation. Unlike a generic audit certificate, it gives a much more detailed and realistic picture of the IT security posture of an organisation.

We recommend the course to:

trust service providers who want to provide a high level of assurance to their clients

organisations that carry out data processing activities

companies seeking to reduce compliance costs

organisations that want to increase the confidentiality of both internal and external stakeholders

those who want to improve their organisation's IT security control environment

start-ups, cloud service providers, outsourcing companies

Deloitte SOC2 Service Offering

Get in touch with our experts

Zoltán Szöllősi

Partner

zszollosi@deloittece.com

Zoltán is a Partner responsible for leading the IT Risk & Control and Internal Audit service line at Deloitte Hungary. He has been performing and managing audit and advisory projects for over 19 years... More

Dr. Barta Gergő

Szenior Menedzser

+36 1 428 6694

Gergő a Deloitte Technológiai Tanácsadás üzletágának szenior menedzsere. Karrierje során számos nemzetközi szervezetnél dolgozott külföldön és Magyarországon egyaránt. Főbb szakmai területe SOC1 és SO... More

Audit & Assurance

Consulting

Risk Advisory

Financial Advisory

Legal

Tax

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Shared Service Center

All Industries and Sectors

Career at Deloitte

Fresh graduates and students

Experienced applicants

Life at Deloitte

Diversity and Inclusion

Interview tips

We make an impact that matters

Pros of working at Deloitte