Determine report type and scope
The first thing we need to do is help determine which report is most applicable to your environment and the needs of your organization and your clients.
Ensure no surprises
After we agree upon the type and scope of the examination, we typically perform a readiness assessment before your first SOC examination. The readiness assessment is a one-time review to identify your control activities satisfying each of the objectives or criteria. We will also determine potential test procedures and identify the types of evidence available to satisfy those test procedures. The deliverable provides recommendations on potential gaps in control activities and/or documentation.
After we perform the readiness assessment, we allow you time to remediate control or documentation deficiencies before we begin our examination period.
Several weeks prior to fieldwork, we will send out a document request list to assist you in gathering the necessary evidence prior to our visit. This will also help us select samples for testing.
When we arrive onsite, we will conduct our walkthroughs, observational testing and inspect the documentation you have provided for us. Interim fieldwork typically requires about one to two weeks onsite for small- to medium-sized organizations.
Towards the end of the examination period, we will perform final fieldwork where we will select additional samples and complete any remaining test procedures.
After final fieldwork, we will subject the final report to our internal quality control procedures and issue the report approximately four to eight weeks after the procedures are completed.