Third Party Assurance Services – SOC 1, SOC 2 and ISAE 3402
Outsourcing is a feature of modern business with many companies choosing to engage specialist third parties to provide services on an outsourced basis using skills or solutions that they do not have in-house.
There is a heightened focus on the need for effective oversight of the risks associated with outsourcing and our third-party assurance service line is designed to provide companies with such assurance.
Companies that specialise in managing outsourced processes are generally required to provide assurance to their clients in the form of a third-party assurance certification such as SOC 1, ISAE 3402 or SOC 2. Such assurance is often required in order to attract new customers or retain existing clients.
Mazars provide a full suite of third party assurance services to clients across the following third-party assurance standards;
- SOC 1 and ISAE 3402: An assurance report that focuses on a service organization’s system of internal controls that are relevant to the internal controls over financial reporting
- SOC 2 (and SOC 2+): An assurance report that focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system
- SOC for Cybersecurity: An assurance report that focuses on an organizations' enterprise-wide cybersecurity risk management program.
- Agreed Upon Procedures(AUP): an audit on a specific test or business process
In relation to these standards we provide;
- Planning services: assistance with scoping and preparing the documentation required for a third-party assurance audit
- Readiness assessment: performance of testing to identify gaps between existing controls and those required to obtain an unqualified audit report.
- Audit services: performance of a SOC 1, SOC 2, ISAE 3402, SOC for Cyber or AUP audit
IT Audit & Security Brochure
Information is one of the most important assets in any organisation and technology is the key tool employed in the management of these assets, but it is not always a tool that is managed well.