Our experienced SOC2 consultant will work with you to perform a detailed gap assessment. The engagement will generate a detailed list of control strengths and gaps as you prepare for your SOC2 Type 1 or Type 2 audit.
We will work with you to:
• Confirm operating goals (e.g. sales, contractual obligation)
• Clarify the lines of business and stakeholders to be included in the engagement
• Identify which trust services criteria to assess (common criteria/security, confidentiality, availability, processing integrity, privacy)
• Discuss and plan for other considerations (e.g. timing, Type 1 vs. 2, auditor restrictions)
Tailored to your needs, the engagement may cover the five Trust Services Criteria (TSC): Security, Availability, Confidentiality, Privacy, and Processing Integrity.
These may be covered over approximately 12 workshops of 2-3 hours each, going into depth and helping you understand the principles and how to align your organization’s policies and procedures to be ready for an audit.
1. Identify key accountabilities within the organization
2. Schedule and conduct interviews with key personnel to respond to the SOC2 control requirements
3. Document activities which fully/partially satisfy the criteria
4. Examine artifacts (e.g. policies, procedures, technologies)
5. Identify gaps (e.g. lack of process or documentation, inadequate tooling)
6. Analyze findings and prepare recommendations
7. Generate report (Excel spreadsheet with compliance data and statistics, e.g. % compliant, etc.)
8. Generate an itemized Roadmap with high-level effort and cost estimates
9. Presentation (as deemed appropriate by management)
As part of this agreement, additional support is available on a time and materials basis from our SOC2 specialist at a reduced rate of $200/hour. Any additional hours must be agreed in writing between Kobalt.io and client organizations prior to engagement, but a separate agreement is not required. Hours delivered will be invoiced monthly. Remediation is not included in the gap analysis, but estimates of support costs associated with remediation are provided.