SSAE18 (SOC 2)

SSAE18 (SOC 2)

SSAE18 (SOC 2)

The AICPA issues the Trust Services Criteria (TSC) that outlines COSO objectives to be implemented by organizations wishing to issue a SSAE18 SOC 2 report. The TSC defines objectives within the following domains.

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

Organizations that implement SOC 2 are required to design a set of controls to meet the TSC objectives and generate their management attestation and system description report.

Why SOC 2?

More and more organizations are requiring service providers to comply with SOC 2 and issue reports as it helps them understand the security posture of their providers control environment and service.

It is often a competitive advantage to sell more services over their competition for providers that do not have SOC 2 certification.

Tools and Templates built on Atlassian

Document Templates

System Description Template

Risk Assessment

SOC 2 Control Scorecards

Control Scorecards

Audit program

Audit Program

Evidence repository

Agility is pre-configured with all the tools and templates you need to implement your SOC 2 program.

Easily track program status, control compliance, document status and remediation all within your or Ekko hosted Atlassian Cloud instance.

process

icon Start your SOC 2 Program

Agility provides you everything you need to start your SOC 2 program

  • Scope guidance and templates
  • Defined, roadmap project plan and milestones
  • Control remediation dashboards and reports

icon Create Information Security Policies & Procedures

Pre-built SOC 2 compliant policy templates

  • All policies required to support SOC 2 domains

iconGap Analysis and Scorecard

Establish your control baseline and program starting point

  • Generate control scorecard and reports
  • Define your remediation and implementation roadmap

iconSelect Certification CPA firm

SOC 2 requires an external CPA firm to conduct your certification audit

  • SOC 2 Readiness assessment
  • SOC 2 Type 1 Design Assessment
  • SOC 2 Type 2 Attestation Audit

icon Program Implementation

Agility provides you all the tools to implement, track and remediate your Information Security program

  • Remediation and control improvement task tracking
  • Reporting and dashboards
  • Reminders and scheduling

icon Internal Readiness

Conduct your Internal readiness assessment inside Agility

  • SOC 2 readiness assessment
  • Pre-built audit test cases
  • Generate and manage control evidence

icon Certification

Conduct your SOC 2 certification audit with your selected registrar audit firm

  • Get certified
  • Conduct annual audits

icon SOC 2 Maintenance

Agility helps you maintain your ISMS

  • Pre-built SOC 2 task templates
  • Schedule and track ongoing activities
  • Maintain evidence