a SOC 3 can be made public and used to market products and services to the general public.

GUIDE TO SOC

What is SOC?

- Many organizations and their third-party service providers are entrusted with sensitive and regulated data that, if breached, could compromise the security of customers.
- A framework created by the American Institute of Certified Public Accountants (AICPA) enables CPAs and Information Security experts to review and formally comment on the adequacy of organizational controls pertaining to sensitive data.
- This framework is known as System and Organizational Controls (SOC).

Why is SOC Important?

- Organizations that achieve SOC compliance elevate client confidence and their position in the marketplace by demonstrating that they are effectively managing cyber risk.
- No matter what your business type or size, a SOC report can be a very powerful tool in establishing trust with current and prospective customers.

Who needs a SOC?

- If your organization is collecting, processing, transmitting, or storing sensitive data, then your organization likely would benefit from a SOC.

SOC Plus + Assessments

A SOC Plus + examination modifies the scope of a SOC 2 examination to incorporate additional criteria of other regulations. The scope, for example, could be expanded to include auditing for compliance with the Health Information Trust Alliance's (HITRUST) Common Security Framework (CSF) or the Cloud Security Alliance's (CSA's) Cloud Control Matrix (CCM). Additional regulations can also be defined.

SOC for Cybersecurity

In a SOC for Cybersecurity examination, an assessment and an opinion are provided on the design and operating effectiveness of controls within a Cybersecurity Risk Management Program. This Program is defined as the policies, procedures, and controls designed to protect information and systems from security events through the execution of timely detection, response, mitigation, and recovery activities.

Similar to a SOC 2 examination, a Type I or Type II can be performed, and one or more trust service principles and criteria can be included in scope. Also, similar to a SOC 2, a readiness assessment can be provided for the SOC Cybersecurity exam.