top of page

SSAE 16 | SOC 1 | SOC 2 Preparation

As the requirement for Service Organizations to be reviewed for their financial and operational control began with SAS 70 and evolved to SSAE 16 SOC 1, SOC 2 (including Type 1 and Type 2), MCS has assisted over 20 Service Organizations with an efficient and cost effective approach to prepare for the review by a CPA firm.  Costs for a review can be driven down by 30-40% through MCS involvement in identifying and documenting operational and financial controls and ensuring that tests of the controls will yield a positive result.  MCS services related to SSAE 16/SOC 1/SOC 2 include the following:

  • Use of “best in class” TPA or sub-service organization control descriptions to test the Service Organization’s capabilities and determine where enhancements or alternatives may need to be implemented;

  • Documentation of the Service Organization’s controls across potential areas of control, including organizational structure and management oversight, human resources, physical security, logical security, specific operational controls and financial controls;

  • Development of procedures for monitoring controls and measuring the effectiveness of controls;

  • Preliminary testing of controls similar to that which will be completed by the CPA firm during the actual review process; and

  • Assistance with contracting of a CPA, navigating the Engagement Letter process and support while the CPA is on-site completing their review.

bottom of page