SSAE 16 | SOC 1 | SOC 2 Preparation
As the requirement for Service Organizations to be reviewed for their financial and operational control began with SAS 70 and evolved to SSAE 16 SOC 1, SOC 2 (including Type 1 and Type 2), MCS has assisted over 20 Service Organizations with an efficient and cost effective approach to prepare for the review by a CPA firm. Costs for a review can be driven down by 30-40% through MCS involvement in identifying and documenting operational and financial controls and ensuring that tests of the controls will yield a positive result. MCS services related to SSAE 16/SOC 1/SOC 2 include the following:
-
Use of “best in class” TPA or sub-service organization control descriptions to test the Service Organization’s capabilities and determine where enhancements or alternatives may need to be implemented;
-
Documentation of the Service Organization’s controls across potential areas of control, including organizational structure and management oversight, human resources, physical security, logical security, specific operational controls and financial controls;
-
Development of procedures for monitoring controls and measuring the effectiveness of controls;
-
Preliminary testing of controls similar to that which will be completed by the CPA firm during the actual review process; and
-
Assistance with contracting of a CPA, navigating the Engagement Letter process and support while the CPA is on-site completing their review.