SOC2 Compliance made Easy

SOC2 is an audit procedure designed by the AICPA to measure the cybersecurity maturity of an organization. There are many reasons that you might need to undergo a SOC2 audit including vendor requirements, building trust in the marketplace, and requirements from business partnerships. Touchstone Security can help you prepare for and pass a SOC2 Audit with flying colors. Our team has extensive experience in helping Mid-Sized Businesses and Enterprise build high performance cybersecurity programs that provide real and meaningful protection without the need to spend excessive amounts of money. Our SOC2 Compliance Services can help your company improve security, meet compliance, and reduce friction.

Get a free 60-minute compliance evaluation with a senior-level CISO

Fact Finding and Comprehensive SOC2 Assessment

Every SOC-2 Compliance engagement begins with a comprehensive gap assessment. We will carefully examine your current security program, policies, staff, and technology and compare them against best-practices outlined in SOC-2. This phase typically lasts 1-3 weeks depending on the complexity of your IT infrastructure, company size, and existing security protocols. At the end we will deliver a written gap assessment report to show where your security is right now, and where you need it to be with a detailed roadmap of how to get there. This report will outline the current state of your IT infrastructure and additional people, processes, and technology that will be required to achieve SOC-2 compliance.

SOC2 Controls Implementation

During the next phase we will work with your internal IT team to implement security and privacy controls to come fully into line with SOC-2. We always work to ensure that we use as much existing security software and infrastructure as possible to bring costs down. Throughout the implementation phase, we focus on solutions that are both SOC-2 Compliant and will provide real, measurable security benefits to your organization. We will address the following areas:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

We typically expect SOC-2 implementation to take between 2 weeks and 4 weeks depending on the size and scope of existing IT infrastructure and security protocols. As always, our focus is on implementing security technology and protocols that don’t slow down critical business functions and provide cost-effective improvements to your security posture.

Touchstone was amazing to work with! We had some issues with our systems and integration of new programs. We felt that the security of our systems was not up to the best standards. The CEO, Richard Shinnick, personally came over and evaluated our systems. He was able to pinpoint the holes in our systems immediately and fix any potential issues before they ever happened. One of the best IT Firms I have ever worked with. Thank you Touchstone!

Ameen Nassiri, SPS Worldwide LLC

Rich and his team are remarkable. While at Columbia University Teachers College, they helped us plan/implement several large scale projects including ubiquitous wireless deployment and a firewall implementation. Rich has an extensive IT background and is an all around great guy to work with. I recommended that we bring his team in at St. John’s as well. They were able to come in, assess the situation, and provide the same fantastic results. I highly recommend Rich and his team.

Elise Lowenstein, Columbia University

Rich brings solid IT security experience along with immense integrity in the work he has performed for IntegraMed. All of his projects were completed on time and within budget. His track record of delivering reliable concept to reality projects under the pressures of a high availability and heavily compliant environments precedes him. I endorse Rich personally and professionally and look forward to working with him again on future projects.

Vijay Reddy, IntegraMed America

Rich is deeply technical and very thorough, but most of all he is a very honest person. He can make any technical jargon simply to understand in layman terms and help you understand what he is proposing so all know the benefits that is being recommended and implemented. I would work with Richard again on any project initiative that I maybe involved in the future.

Clive Fernando, PNC

We needed a security sharpshooter to assist with responding to the stringent requirements of a major academic healthcare system based on a comprehensive audit of our platform. Touchstone expertly facilitated our response and created the missing programs and policies necessary to satisfy our needs.

Kenny Schiff, Caresight, Inc.

Touchstone Security specialists completely blew away our most experienced and technically strong managers and some of our best people in infrastructure and security. Richard was in their words “a perfect 10.” He not only addressed the issues we asked him to look at but identified other areas of improvement in our security posture. Our team rated them “a perfect 10”!

Michael Ferranti, BuyerGenomics

SOC2 Review

Once we have completed the implementation phase we will review your new, updated SOC-2 compliant security program with you. We will go over: 

  • Security Policies and Procedures 
  • Privacy Policies 
  • Additional Security Software 
  • End-User Training 
  • Additional Security Procedures 
  • Any Significant Vulnerabilities that we discovered 

We aim to leave you with a SOC-2 compliant security program that you can leverage to achieve compliance goals and reduce the risk of a catastrophic breach. By complying with SOC-2, you are also likely meeting many requirements laid out by other compliance regulations such as the HIPAA Security Rule, PCI DSS, the NYDFS Cybersecurity Regulation and others. We will work with you to help ensure that you are meeting applicable regulations specific to your industry.  

Why Choose Touchstone’s SOC2 Compliance Services

Touchstone Security is a veteran-owned, New Jersey Managed Security Services Provider based in Allendale. We focus on helping companies build world-class cybersecurity programs using the NIST Cybersecurity Framework. We have extensive experience working with clients ranging from the U.S. Army and Goldman Sachs to Walt Disney. Creating a highly effective cybersecurity program has never been more critical than it is now, and our experts are equipped with decades of experience and a proven track record of going above and beyond for our clients

Get a free 60-minute compliance evaluation with a senior-level CISO