How SOC2+ Additional Subject Matter Assessments Save Organizations Time and Money to Meet Compliance Objectives
SOC 2 examinations are used by many organizations today to obtain an independent and thorough understanding of the security control structure and detailed security control measures of third-party service providers. A “SOC2+ Additional Subject Matter Assessment” allows experts to assess compliance with SOC 2 while at the same time reviewing compliance with other privacy laws, standards and regulations such as HIPAA, PCI and GDPR.
SOC 2+ provides one integrated internal control report addressing key regulatory risks. It allows third-party service providers to take advantage of the synergies of overlapping control frameworks and satisfy their customers’ evolving control requirements. This has the potential to reduce overall compliance costs and efforts as SOC 2+ reports create substantial efficiencies for organizations.
Issues such as repeated testing each year, contracting multiple firms to perform different audits, additional tracking of controls, and other nuances that come with multiple compliance efforts can be greatly reduced and addressed in one report.
Below is a table highlighting the Additional Subject Matters that can be included in a SOC2+:

Additional Subject Matter items listed above have formal mappings in place with SOC 2 and are available from the American Institute of Certified Public Accountants.