SOC 2 Documentation Toolkit
We provide a documentation toolkit to meet Service Organisation Controls (SOC 2) attestation requirements.
SOC 2 has 5 principles, which are listed below.
- Common Criteria Security: The system is protected, both logically and physically, against unauthorised access.
- Availability: The system is available for operation and use as committed or agreed to.
- Processing Integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information that is designated ‘confidential’ is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the privacy principles put forth by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Public Accountants (CICA).
Based on an initial assessment, we determine applicable principles, which we then document and share with you for implementation.
Our documentation is the result of consulting assignments; it has been tested by clients who implemented it and subsequently attested by CPA firms.
Each document sets out the baseline requirements that need to be defined, as well as the subject-specific processes, procedures and records that Coral considers best practice for implementation and continuous monitoring.
- An initial questionnaire to determine applicable business objectives
- Suitable templates designed for demonstration of ‘internal controls’.
- Aligned with international best practices of COSO, and IT Security Controls (not exhaustive)
- Documentation is provided in a sequential flow that gives an organisation's representative an approach for implementation.
- An assurance that if you follow our documentation, you cannot fail in both conformance and implementation of the best practices for your own organisation.
If you would like to see sample documentation or understand the approach to documentation, please call or write to us.
If you have any additional questions or clarifications, please do not hesitate to call or write back to us.