SOC2

Are you an organization in a sensitive data network looking to secure SOC1 or SOC2 type 1 or 2 compliance?

Cloud Armory is a trusted and experienced AWS Partner with over a dozen AWS networks of 20+ instances under management and we’re well experienced in SOC1, SOC2 type 1, and SOC2 type 2 audits. Whether that network was newly developed or inherited (even in the messiest of situations), we’re adept at authoring/editing compliant Infosec Policies and deploying compliant workstation endpoint security and network security measures required to meet your required standards.

Not sure which audit type is for you (SOC1, SOC2 type 1, or SOC2 type 2)? We can provide FREE guidance. Regardless of which path you take, we can help!

Which SOC is right for me?

  • SOC 2 Type 1/2: SOC 2 is a broad scope security framework that aims at verifying that your organization is following its own rules pertaining to a collection of SOC 2 scope key controls. These controls are categorized to address broad topics such as availability (uptime) of services to your customers, and security, confidentiality, and privacy of your customers’ data as well as your own. Similar to SOC 1, the SOC 2 is conducted by a certified public accountant (CPA). What differentiates SOC 2 Type 1 and SOC 2 Type 2 is that the Type 1 audit is performed to evaluate that your controls are in place whereas the Type 2 audit evaluates whether your organization has been following the security standards identified in the Type 1 audit, over a certain period of time, and tests are performed to ensure that these measures remain in place and have continued to be followed.
  • SOC 1 Type 1/2: SOC 1 is commonly intended for issuers of financial reporting. In a broadly definitive sense, a SOC 1 report evaluates the internal controls of a service organization that may impact financial reporting in order to comply with the Sarbanes-Oxley Act. That’s typically software or CPAs that are generating financial reports that might be used for things like tax filings and fundraising. The goal of the SOC 1 framework is to ensure that the security and accuracy of the data being reported is compliant with modern security standards. When companies (or people) submit their financial data to software providers, they want to know that their data is secure, safe from leaks (DLP), and that any calculations being generated are technically and mathematically sound. A SOC 1 achieves this goal. The SOC 1 is conducted generally by a certified public accountant (CPA). What differentiates SOC 1 Type 1 and SOC 1 Type 2 is when you’re conducting this audit in your organization’s lifecycle. The Type 1 audit is performed to evaluate that your controls are in place whereas the Type 2 audit evaluates whether your organization has been following the security standards identified in the Type 1 audit.

Concerned about the audit process? We’ll maintain everything from your routine daily maintenance all the way through frequency-based requirements, policy changes, scope declaration, evidence collection, interviews, and remediation until your QSA issues an AOC and beyond, with minimal effort required on your end.

Our network engineers will even help you reduce your costs along the way.

Why Cloud Armory?

Cloud Armory is a trusted and experienced partner with several SOC QSAs and hosting networks including GCP and AWS. We manage hundreds of endpoint workstations, mobile devices, and network instances year-over-year and through full audit and AOC issuance. Whether your network was newly developed or inherited (even in the messiest of situations), we’re well suited to quickly roll out a compliant security posture. We understand that your business may rely on your AOC for business-critical partnerships, so we guarantee you’ll succeed, exploring all avenues available and necessary.

Your performance, security, and uptime are critical to your bottom line, so it’s no wonder that you want to be compatible with SOC 2 scope controls such as availability and security. Whatever controls you choose to include in-scope, we’ll evaluate your network architecture and security posture, review your service configurations for performance against stressors, stand up vulnerability scanning, antivirus, file integrity monitoring, and intrusion detection, strengthen your network security controls to the quality standards of SOC, and support your network on an ongoing basis for overall performance, regular patch management, incident response procedures, and routine maintenance.

Pricing

We offer 2 main methods of payment*:

  • Project Based: 2-part payment occurring at the outset of your audit and upon completion of the AOC
  • Monthly Payment Plan: The lump sum of your projected audit costs is split monthly over the course of your contract period.

*We anticipate the cost of your audit based on past audit experiences, but your security posture may be subject to greater or lesser scrutiny, and evidence may be collected automatically or manually. These all contribute to overall cost variance. We will gather that information at the outset in order to provide you a clearer expectation of cost. We routinely under-bill for this service, so you can come to expect value.

Fill out and submit the form on this page to be contacted by one of our representatives.

Within 24 hours of submitting the request, one of our expert representatives will contact you to learn about your business and start the conversation. Learning about your business and the problems you are trying to solve will help us find the best Cloud Support solution for you.

Not convinced yet? Check out our Case Studies Page to see more of our work.