Astute Business Solutions Completes SOC2 Assessment

A SOC 2 report  addresses risks associated with the handling and access of data, and can be used by a variety of organizations of any size (e.g. SaaS, colocation, data hosting, etc.) Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.

The SOC 2 audit testing framework is based off of the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in-scope, the third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures and controls in place to manage the identified risks effectively.

There are five Trust Services Criteria. The first criteria, Security, must be included with every SOC 2 report and is referred as the “Common Criteria”.  The remaining four are optional to include:

1. Security (required)
2. Availability (optional)
3. Processing Integrity (optional)
4. Confidentiality (optional)
5. Privacy (optional)

In order to pass a SOC 2 examination and receive a letter of attestation successfully, it means an organization is addressing controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more.   

Astute Business Solutions will make the SOC 2 report available to current or potential customers upon execution of a non-disclosure agreement.  We hope the steps we have taken help you and your IT teams remain confident in knowing that your data is secure with Astute Business Solutions.  To learn more about our security policies and initiatives, please contact us.   

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider approach as licensed SOC 1 and SOC 2 Assessor, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HISTRUST CSF Assessor firm, accredited FedRAMP 3PAO, candidate CMMC C3PAO, and Qualified Security Assessor Company. Working with small businesses to global enterprises, A-LIGN experts and its proprietary compliance management platform, A-SCEND, are transforming the compliance experience.