{{item.videoDuration}}
{{item.title}}
{{item.videoDuration}}
SOC 2+
Strengthening Trust and Increasing Transparency
What is SOC 2+?
Vendor Controls Attestation (SOC 2+), is built upon AICPA SOC (Service Organization Controls) 2 reporting principles that allows an independent, standardized assessment to be performed over vendor operations to eliminate or reduce the time needed to complete the vendor questionnaire process. In addition to the most commonly used principles covered in SOC 2 reports (security, availability and confidentiality), SOC 2+ also provides coverage on additional principles and criteria based on the specific assurance requirements of customers.
How we help our clients
PwC can help you by performing:
- Conducting an independent assessment of the organization’s alignment with SOC 2 and other relevant criteria based on the specific assurance requirements of customers such as ISO 27001, NIST CSF, and COBIT 5 prior to applying for certification.
- Providing assistance on control gap analysis and remediation into increasing an organization’s control maturity in order to meet SOC 2+ requirements.
Why are we qualified to help
PwC has engaged recurring third party assurance report engagements with different organizations ranging from back office solutions, research and development, healthcare, and technology service providers among others. By bringing together our industry-specific skills in technology, regulatory compliance, finance and accounting and other business processes, our team has helped multiple clients identify and mitigate risk and enhancing trust and transparency with their customers.
We have also worked with other PwC offices (under direct supervision) in assessing the Global ISAE 3402 Type 2 and GS007 reports over the Share Service Center's (SSC) controls related to the trade operations across different market segments.
Our team's combined credentials are composed of the following:
- Certified Public Accountant (CPA) in the Philippines
- Certified Information Systems Auditor (CISA)
- Certified in COBIT 5 Foundation Level (CCOBIT5F) and Implementation (CCOBIT5I)
- ISO Lead Auditor for Business Continuity Management Systems (ISO 22301:2012) Course Passer
- ISO Lead Auditor for Quality Management Systems (ISO 9001:2008) Course Passer
- ISO Information Security Management System Auditor/Lead Auditor (ISO 27001:2013) Course Passer
- Quality Assurance Improvement Program (Quality Assurance Review) Course Passer
The following selected citations represent engagements where we have helped clients:
PwC helped a BPO company for customer care, sales, IT and back office solutions in a SOC 2 Type 1 (under TSP 100A) engagement that focus on the review of the suitability of the design on current set-up of identified services/processes to understand the internal controls as it relates to the Trust Service Principle for Security.
PwC was engaged by a leading software development company in its SOC 2 Type 2 (under TSP 100A) engagement that focus on the review of the suitability of the design and operating effectiveness of controls as it relates applicable Trust Service Principles for its core operations.
A cloud-based solution company for product management and innovation tool partnered with PwC in a SOC 2 Type 1 (under TSP 100A) engagement that focus on the review of the suitability of the design on current set-up of identified services/processes to understand the internal controls as it relates to the Trust Service Criteria.
SSAE 18 (SOC 2) Type 2 engagement was provided by PwC to a leading provider of research and development solutions that focus on the review of the suitability of the design and control operating effectiveness relevant to research and development (R&D) processes as it relates to the Trust Service Criteria.
Research and insights
{{filterContent.facetedTitle}}
{{contentList.loadingText}}
{{contentList.loadingText}}
Related Content
Contact us
Follow PwC Philippines
