SOC Attestation Services Case Studies

Healthcare BPO based in Bangalore & Florida-US

Florida, US-based parent; Indian BPO subsidiary based in Bangalore

First-time SOC 2 certification – 4 Trust Services Criteria in scope

  • SOC 2 Type II certification
  • Florida-based parent company gets the contract, fulfilled by the Indian subsidiary
  • Main work is assistance in claims processing, but no data is transferred or moved out of the US (view-only work, with processing output stored in US-based systems that have access and data storage-related controls in place)
  • Like most HIPAA-impacted BPOs, staff only access data & systems located in the US through systems based in India. HIPAA compliance not in scope
  • Access controls, Data Loss prevention, Confidentiality, Security & Availability main concerns
  • Was an attest engagement for us, with a partner having completed SOC Readiness assessment and Gap identification and remediation
  • Attestation work completed in approx. 7 weeks

Data Centre offering CoLo Services – MEA Region – SOC 2 Type I & II

First-time SOC 2 Type I assessment, followed up with a Type II

Security & Availability criteria in scope

  • First-time SOC 2 assessment
  • “Remote Audit” done in COVID times
  • Full use of technology to perform a virtual site visit amidst COVID: Microsoft HoloLens and online video tools were used to walk us through the physical access controls in the Middle Eastern coastal country
  • Gap assessment & Attestation performed by EntPerMaSys. Remediation measures implemented by a partner entity
  • Completed in 6-8 weeks timeframe (Type I) and 12 weeks (Type II)

Data Archiving Platform – India & US based - SOC 1 & SOC 2 Type II

Repeat SOC 2 & SOC 1 Type II attestations for an India-listed company’s US subsidiary with a “Group Holding” structure but only select subsidiaries scoped

Security, Confidentiality & Availability Criteria in scope

  • SOC 2 Type II and SOC 1 Type II
  • SOC 2 completed almost 1 week ahead of agreed schedule, SOC 1 completed 3 weeks ahead of schedule due to urgency expressed by client (customer sign-ups on hold due to SOC re-certification requirements)
  • Noticed some gaps in the previous SOC 1 attestation, which we brought up with the client prior to starting the work
  • Took them on board with respect to the gaps and suggested changes for a more robust SOC 1 report
  • Completed 2nd year follow-on SOC 2 Type II & SOC 1 Type II attestation

India & US based – Startup using AI/ML based platform for Banking Industry

First-time SOC 2 Type II certification for AI/ML based Loan application processing platform that did not directly collect PII / SPI from applicants

  • Started with Privacy not in scope
  • Audit client’s own initial internal assessment was that the B2B model did not require inclusion of the Privacy criterion
  • Our advice on the applicability of the Privacy criteria was well appreciated – given the industry vertical (Banking/ Financial analytics) and usage of AI / ML algorithms in processing PII / SPI
  • SOC 2 Type II completed in 10 weeks (attestation – with prep work done by a partner)
  • Although the overall attestation was delayed due to the inclusion of additional criteria initially not in scope – final report was more usable and relevant for user entities of the service organization
  • Audit client is a happy multi-year repeat customer now

© 2024 EntperMasys