Let's Get Together
 

Internal Control over Security, Availability, Processing Integrity, Confidentiality and PrivacySystem and Organisation Controls (SOC 1)

  • Control Design, Documentation, Ownership, Internal Audit, and Measurement leading to successful SOC 2 Attestation
  • 7 Phase Successful SOC 2 Implementation
https://ovetix.com/wp-content/uploads/2020/11/o-shaped-11.png
bt_bb_section_bottom_section_coverage_image
https://ovetix.com/wp-content/uploads/2020/11/o-shaped-51.png

SOC 1 Implementation Overview

Service Organisation Controls (SOC) 1 aims to protect the interest of the user entity while receiving services from the service organisation.

Upon implementation of the framework, it is a demonstration of internal control over financial reporting (ICFR). We have a 6-phase Methodology, to help you achieve successful SOC 1 compliance.

What is SOC 1?

Service Organization Controls (SOC 1) is aimed at assuring a user entity that there are adequate Internal controls over financial reporting (IFCR).

Contact Us
https://ovetix.com/wp-content/uploads/2020/11/G_Ovetix-Service-Org.png
bt_bb_section_bottom_section_coverage_image

Project Phases

We have a structured approach to determine the applicable list of risks and controls that are required to achieve SOC 1 attestation. Our 6-phase approach ensures that the service organisation has adequate ‘internal controls’ to assure any Certified Public Accountant (CPA) for issuance of SSAE 18 in USA, and professional accountant in public practice for issuance of ISAE 3402, globally.

PHASE IDetermination of Objectives

This phase involves determining key business objectives, from user entity, as well as of the service organisation.

PHASE IIGap Analysis

This phase involves performing gap analysis of the above listed objectives on one hand, and the applicable SOC 1 controls and risks, on the other. We provide solution for all identified gaps.

PHASE III Control Design and documentation

This phase involves our methodology that involves distribution of risks, and control responsibility to internal stakeholders. This also includes nomination of key roles such as risk officer – who will drive the ongoing compliance.

PHASE IVTracking

This phase involves tracking the client risks, documentation and self-compliance on a weekly basis till all internal controls are adequately implemented.

PHASE V Performance Tracking

This phase involves measuring internal control changes on a scale of 0-100%. This gives assurance to internal stakeholders that the processes implemented are adequate (or at risk). If there are deviations or risks identified, they are treated.

PHASE VIInternal Audit

Internal audit followed by a formal review of the program gives organisation an independent perspective, and enables them to be ready for final attestation.

Impact after completion of Phases

At this stage the client has implemented the governance system in completeness. Generally upon completion of one month of this, the organisation can achieve SOC 1 – Type 1 attestation, and upon completion of 6 months, the client can achieve Type 2 attestation. Here the assumption that all risks are under control that will give adequate assurance to the user entity.

What is ISAE 3402?

Attestation standard used by global professional accountants to attest SOC 1 controls.

What is SSAE 18?

Attestation standard used by US based CPAs to attest SOC 1.

Call or write to us at :

info@ovetix.com

for proposal / roadmap / information

Let's Talk Business!

Tell us about your challenge to start working on a solution
Contact Us

OVETIX

https://ovetix.com/wp-content/uploads/2021/08/maps_image-1.png

Quick Links

Services

Connect

©2021 Ovetix. All rights reserved