SOC 2 report and ISO compliance for global firm

A privately held, global business advisory firm. 

 

With a growing concern over constant data breaches in the news that could potentially compromise clients’ confidential information, the client sought help with SOC 2 reports and ISO compliance certifications. Company leadership hoped to provide customer assurance and attest to its secure data measures. Although, its internal controls structure was sound, the client had never been audited by a third party. 

 

The client engaged us based on our existing relationship providing audit and tax services and our expertise in cybersecurity. Our team conducted a readiness assessment to clearly map all internal controls and document them so they could be more easily monitored — a process that wasn’t in place previously. Through the assessment, we identified gaps and suggested ways to implement changes before starting the SOC 2 examination period. 

 

The advisory firm strengthened its security measures and improved its security posture. Most importantly, the firm improved client confidence in its data security. Since the firm’s potential clients specifically seek out companies with completed SOC 2 examinations, the security-related efforts have led to increased business. 

 

Though this engagement was initially scoped to include a small environment and assist with the client’s SOC 2 compliance, the client asked that we continue to rollout the process to their larger environment, and we’ve completed their SOC 2 reports for the past three years. We’ve also assisted them with the ISO 27001 audit process to successfully achieve certification. With our team’s extensive experience in SOC 2 compliance and our certified ISO 27001 lead auditor expertise, we provided both audits efficiently, saving the company additional time and money.