SOC 2 Gap Analysis

This is one of URM’s most popular services and which typically starts with a project planning and scoping workshop.  Here, our consultants will help you clarify and determine your optimal scope, as well as identify which of the SOC 2 criteria and controls will be subject to formal assessment.  The workshop will help in identifying system architecture, processing and staff within scope, along with relevant third-party suppliers and their role in supporting service delivery.

Having identified the relevant SOC 2 criteria and controls, URM will work with you to conduct a detailed assessment of these controls against the SOC 2 requirements.  The goals of the gap analysis will be to:

• Determine if your controls implementation meets the requirements of SOC 2
• Identify what further action is required to secure compliance with SOC 2
• Help you understand the efforts, resources and timescales required to achieve a positive external assessment.

Why URM for SOC 2?

Track record

URM has a 17 year track record of providing high quality consultancy and training support, assisting organisations improve their information security (IS) and information governance posture and capabilities.  A particular niche skill is helping organisations to conform or certify to ‘best practice’ international (IS) standards such as SOC 2 and ISO 27001.  URM is particularly adept at developing existing frameworks to meet the requirements of these standards or building on existing ISO 27001 ISMS’ to achieve SOC 2 conformance.  Having assisted over 400 organisations to achieve world recognised standards, URM has worked with organisations of all sizes from micro businesses to multi-national organisations and from all the major market sectors.

Tailored approach

URM is renowned for adopting a highly tailored and bespoke service where its consultants are constantly striving to deliver sustainable solutions that meet both the current and future needs of the client organisation.

Flexible delivery

When transferring knowledge on meeting the requirements of SOC 2, URM can deliver this through various delivery mechanisms, i.e., through one-to-one support, workshops or training courses.  Furthermore, when delivering remediation services to address gaps,  URM’s support is tailored and flexible, based on the client’s requirements, internal knowledge and available resources.  Support can be delivered on an activity-per-activity basis or where a consultant is allocated on a recurring basis, e.g., 1 day a week. Such an engagement helps to ensure that remediation activities are followed through, remain compliant and that sufficient evidence for the audit is generated.