GAVS Tech has SAAS products and services addressing customers across the globe.
The process of SOC 2 Type 2 attestation involved taking the organisation through the following steps (not exhaustive)
· Understanding the organization business and SOC 2 context
· Establishing business objectives
· Gap analysis – standard has SOC 2 applicable trust principles
· 3 phase risk assessment
· Risk remediation support
· Documentation of policies, and procedures ensuring they are embedded in business processes
· Measurement of controls
· Training – All employees receive standard training
· Internal Audit
With this, GAVS tech was able to reduce enterprise risk and create a governance framework that ensures enterprise risks are tracked and monitored successfully.
Finally, an unqualified report from the CPA demonstrated the joint implementation effort of both consultant and client in its successful endeavour.