We are in the process of hiring an auditor in order to become SOC 2 compliant and would like to know if there's some kind of official auditor listing available, or at least a certification or AICPA endorsement we should be looking for.
Isn't this a question for AICPA? – schroeder Nov 08 '16 at 06:51
We did ask directly, however, they haven't reached back yet. I figured this would be the next best thing, since someone in the community may have been through the process already and be willing to share some insights on how to get a qualified auditor. Should I reword my question? – rebagliatte Nov 08 '16 at 07:06
1 Answer
You would be better served by looking for how much experience the person has in auditing the Trust Principles contained within a SOC 2 - Security, Confidentiality, Availability, Privacy, and Processing Integrity. I am working in the IT Security profession as an IT Auditor, and it has been my experience that experience matters more than any particular certification. However, relevant certifications such as CISA or CPA do provide an objective measurement of your expertise.
Ideally, the person is a licensed CPA with the authority needed to complete an independent attestation and, depending on the types of internal controls management states to be in place, has special certifications such as the Certified Information Systems Auditor (CISA) awarded by ISACA.