SAS 70 requires service organisation to go through an in depth assessment of their control objectives and control activities. It includes in its ambit the IT and related processes. The basic objective is to demonstrate that the service organisation has adequate controls and countermeasures while handling, processing or storing the data of their clients.
The Type report of SOC1 reports the opinion of the auditors regarding about the system’s and service’s description given by the management and about the accuracy and completeness of the controls.
On the other hand, the Type2 reports the operating effectiveness of the controls in place.
The SOC3 report is based on the “Trust Service Principles”. It reports if the enterprise has achieved the trust service criteria or not. It lays stress on trust service principles like security, availability, confidentiality, privacy and integrity.
Our elite team at Cyber Radar Systems perform SAS 70, SOC1, SOC2 and SOC3 Audit with expertise and valued services to help you not only meet the regulatory compliances of such mandatory audits but also bolster the confidence of your management’s and stakeholders’ on IT Security and related controls.