Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on SOC 2 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Team of Experienced
SOC 2 Consultants

If you need to comply, attest, or prepare for
a SOC 2 report (be that Type 1 or Type 2)
URM provides a full range of services.

SOC 2 Consultancy Services

If you’re looking to understand whether SOC 2 is the right approach for you, what efforts are required to comply or attest, or prepare for a SOC 2 report (be that Type 1 or Type 2), URM can provide you with a full range of services.

SOC 2 Gap Analysis

This is one of URM’s most popular services and which typically starts with a project planning and scoping workshop.  Here, our consultants will help you clarify and determine your optimal scope, as well as identify which of the SOC 2 criteria and controls will be subject to formal assessment.  The workshop will help in identifying system architecture, processing and staff within scope, along with relevant third-party suppliers and their role in supporting service delivery.

Having identified the relevant SOC 2 criteria and controls, URM will work with you to conduct a detailed assessment of these controls against the SOC 2 requirements.  The goals of the gap analysis will be to:

  • Determine if your controls implementation meets the requirements of SOC 2
  • Identify what further action is required to secure compliance with SOC 2
  • Help you understand the efforts, resources and timescales required to achieve a positive external assessment.

SOC 2 Remediation Support

Having identified what actions are required to secure compliance, URM can work with you to address any gaps.  With some controls, this may involve expert advice and guidance as to what is expected and how to achieve the requirements.  With other controls, such as those focused on governance, people and process, URM’s consultants can assist in the actual development of those controls by defining and documenting them.  As with all URM remediation support, this will be tailored to your precise requirements.

SOC 2 Assessment Support

Many organisations value having access to expert advice and guidance during the assessment to support evidence gathering and the presentation of control maturity.  It also helps to interpret what is being asked and to understand how best to demonstrate you are meeting SOC 2 requirements.  URMs experts are on hand to provide this subject matter expertise to ensure your assessment is successful.

SOC 2 Training and Awareness Workshop

By attending this 1-day workshop, you will be able to establish whether SOC 2 is appropriate for your organisation and how to approach acquiring a SOC 2 report and becoming SOC 2 compliant.

SOC 2 Type 2 Case Study

december 2022

Searchlight Security is a market leader of darknet intelligence and forensics with a client base made up predominantly of law enforcement agencies and managed security service providers.  Having already achieved certification to ISO 27001 in 2021, Searchlight decided that it should complete an SSAE 18 SOC 2 audit and demonstrate conformance to this Standard.  This case study focuses on how the organisation, with the support of URM Consulting Services Ltd (URM) managed to achieve a successful SOC 2 Type 2 audit within just 9 months in 2022. The case study focuses on 2 main areas.

The Key Stages (including Scoping, Gap Analysis, Type 1 versus Type 2, Preparation, Collecting Evidence and Audit Process)
Key Success Criteria (including, Internal Champion, Decisiveness, Existing Framework, Subject Matter Expertise, Senior Management Commitment).

Access the Case Study

Why URM for SOC 2?

Track record

URM has a 17 year track record of providing high quality consultancy and training support, assisting organisations improve their information security (IS) and information governance posture and capabilities.  A particular niche skill is helping organisations to conform or certify to ‘best practice’ international (IS) standards such as SOC 2 and ISO 27001.  URM is particularly adept at developing existing frameworks to meet the requirements of these standards or building on existing ISO 27001 ISMS’ to achieve SOC 2 conformance.  Having assisted over 400 organisations to achieve world recognised standards, URM has worked with organisations of all sizes from micro businesses to multi-national organisations and from all the major market sectors.

Tailored approach

URM is renowned for adopting a highly tailored and bespoke service where its consultants are constantly striving to deliver sustainable solutions that meet both the current and future needs of the client organisation.

Flexible delivery

When transferring knowledge on meeting the requirements of SOC 2, URM can deliver this through various delivery mechanisms, i.e., through one-to-one support, workshops or training courses.  Furthermore, when delivering remediation services to address gaps,  URM’s support is tailored and flexible, based on the client’s requirements, internal knowledge and available resources.  Support can be delivered on an activity-per-activity basis or where a consultant is allocated on a recurring basis, e.g., 1 day a week. Such an engagement helps to ensure that remediation activities are followed through, remain compliant and that sufficient evidence for the audit is generated.

What is the CIA Security Triad? Confidentiality, Integrity and Availability Explained

Latest update:
25 Mar

URM’s blog explains how the principles of confidentiality, integrity and availability (CIA) can help align your information security controls with best practice

Read more
Thumbnail of the Blog Illustration
Information Security
The New Threat Intelligence Requirements in ISO 27001:2022

URM’s blog discusses the changes to the requirements around threat intelligence in ISO 27001:2022 and what certified organisations will need to do differently.

Read more
Thumbnail of the Blog Illustration
Information Security
A Comparison of ISO 9001 and ISO 27001

URM’s blog compares the management system clauses of ISO 27001 and ISO 9001 to identify integration opportunities.

Read more
Thumbnail of the Blog Illustration
Information Security
The Timeline for Transitioning to ISO 27001:2022

URM’s blog, produced in collaboration with BSI, discusses the timeline for transition to ISO 27001:2022 and what you can expect from your transition assessment.

Read more
Without doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better.
Group IT Director, UK Mail
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.