SOC and Cybersecurity Services
In Dallas, TX
Organizations that are service providers frequently need to produce reports that provide assurance related to financial reporting and IT controls; these reports are known as System and Organization Controls (SOC) reports. Vail & Park, P.C.’s experience in conducting these examinations has left us in a unique position to also guide organizations towards mitigating cybersecurity risk and improving overall cybersecurity posture.
Cyber-attacks are growing in frequency and severity, particularly against small businesses. It is no longer a matter of whether a cybersecurity incident will happen, but when it will happen. To help establish whether your organization’s internal control environment for financial reporting and/or general IT controls is operating as effectively as it should or to determine ways to increase your firm’s cybersecurity efforts, contact us to schedule a free consultation for your business today!
SOC 1® – SOC for Service Organizations: ICFR
Users: Service organization management and specified parties, such as user entities of the system and business partners that interact with the system
Purpose: Provide specific users with information about controls related to financial reporting
SOC 2® – SOC for Service Organizations: Trust Services Criteria
Users: Service organization management and special parties such as user entities of the system and business partners that interact with the system.
Purpose: Provide specific users with information about controls related to security, availability, processing integrity, confidentiality or privacy.
SOC 3® – SOC for Service Organizations: Trust Services Criteria for General Use Report
Users: General users
Purpose: Provide information about controls related to security, availability, processing integrity, confidentiality or privacy.
SOC for Supply Chain
Users: Entity management, directors, investors, business partners, and other stakeholders
Purpose: Provide information about controls for producing, manufacturing or distributing goods to better understand the cybersecurity risks in their supply chains
SOC for Cybersecurity
Users: Entity management, directors, investors, business partners, and other stakeholders
Purpose: Provide information about the effectiveness of the entity’s Cybersecurity Risk Management Program
Cybersecurity Consulting
The purpose of this exercise is to assess your organization’s current cybersecurity posture, determine the strategic implementations required to improve the firm’s cybersecurity efforts, and work with your organization to develop the following documents:
- System Security Plan (SSP)
- Incident Response Plan (IRP)
- Acceptable-Use Policy (AUP)
- Plan of Actions and Milestones (PoAM)