System and Organization Controls (SOC) reports allow service organizations to minimize the need for multiple auditors to assess a common set of processes and prepare to successfully meet the examination standards used by external auditors for compliance, customer requests, or general use. For service organizations looking to issue a SOC report, our readiness assessment will guide you through the stages to prepare you for a SOC examination. The approach focuses on identifying, designing, and documenting key processes, identifying controls to map to the required control objectives (SOC 1) or Trust Services Criteria (SOC 2 / 3), and developing the template of the report. We will customize our effort for particular facets of your service, and the specific control objectives or applicable criteria.
CISSP, CISA, QSAInformation Assurance and Security Lead
Member of ISC2 and ISACA
Kevin is a partner at The Cadence Group, where he oversees the firm’s data security and privacy assurance services, including SOC Reporting, PCI Compliance, Penetration Testing, and GDPR services. Kevin regularly speaks at industry conferences and local chapter events on the topics of data security and compliance. Kevin has been with Cadence since 2008, and was previously with EY in their Houston and San Antonio, Texas offices.