Information Security Compliance

Information Security Compliance

Why Us?

When a Company shares their sensitive information with a vendor, they need to make sure it is being handled and protected appropriately. More than ever before, vendor management teams are looking for third party independent validation that their vendors and potential vendors have controls in place sufficient to protect their sensitive data.

We know that nobody enjoys going through an “audit,” but our team at DDS has spent countless hours putting together programs that demystifies the control frameworks and automates much of the evidence gathering required for us to be able to issue our independent third-party opinion. We leverage technology to make this process as painless as possible, while adding value. You are left with a strengthened security posture, and a thorough, professionally written report that can pay countless dividends in your sales and client retention efforts.

SOC 1®

These reports are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.

SOC 2®

SOC 2 reports are the gold standard in demonstrating to your clients and prospects that you have sufficient controls in place, that are operating effectively, to meet relevant control objectives. A SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

Boiling it down, the SOC 2 framework help you answer, and give independent third-party verification, to the following question: “How can we trust that you will protect our sensitive data and meet the service commitments you are promising to us?”

SOC 3®

These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2 Report. Because they are general use reports, SOC 3 reports can be freely distributed.

SOC for Cybersecurity

Similar to a SOC 2 examination, SOC for Cybersecurity focuses on an organization’s cybersecurity risk management program. SOC for Cybersecurity is different from SOC 2 in that it is intended for any type of enterprise, not just service organizations. SOC for Cybersecurity affords a company the opportunity to provide their partners (i.e., customers, stakeholders) assurance that they are committed to cybersecurity best practices.

ISO 27001 Internal Audit

For organizations seeking to implement an ISMS in hopes of becoming ISO 27001 certified, DDS can help! Clause 9 of the ISO 27001 standard requires an organization to have an internal audit of its ISMS performed at least annually. The standard requires the organization to select auditors and conduct audits that ensure objectivity and impartiality of the audit process, meaning it should not be performed by someone internal to the organization who is involved in designing, implementing, and maintaining the ISMS. This is difficult for most small to medium sized organizations that do not have a distinct internal audit department. DDS can cost-effectively perform the internal audit function to prepare your organization for your ISO 27001 certification audit and to meet the annual internal audit requirements described in Clause 9. During the internal audit DDS focuses on evaluating your organization’s current ISMS against the ISO 27001 requirements. Our internal audit process aims to be as minimally invasive as possible, while still achieving a value-add list of recommendations that will satisfy the needs of your certifying auditors. We provide a detailed assessment of your compliance, including any gaps, possible nonconformities, as well as opportunities for improvement. DDS has consulted with various certifying auditors to ensure that our internal audit program and reporting methodology are aligned with expectations and give your organization the intended result.

HIPAA

For organizations operating in the healthcare industry, demonstrable HIPAA compliance is becoming table stakes. Other than attesting to compliance yourself, there are a couple of ways we can help you demonstrate your compliance to interested parties.

SOC 2+

A SOC 2+ goes beyond a traditional SOC 2 examination and includes additional criteria, such as those related to HIPAA compliance. The AICPA’s Trust Services Criteria share a lot of parallels with the requirements set forth by the HIPAA Security and Breach Notification Rules. The benefit of combining SOC 2 and HIPAA is that auditing both together will result in a more efficient and cost-effective use of resources. By conducting a SOC 2+, an organization can avoid redundant assessments, reduce audit fatigue among employees, and minimize audit-related disruptions to business operations. The final result will be a comprehensive SOC 2 report that also demonstrates your compliance with HIPAA.

HIPAA Compliance Examination

A HIPAA compliance examination is similar in process to a SOC 2+. However, the criteria used to evaluate your system of control is limited to the requirements set forth by the relevant HIPAA rules and not the AICPA Trust Services Criteria. Also, the deliverable is a much simpler report, usually consisting of only a few pages.

GDPR

A GDPR (General Data Protection Regulation) compliance audit is an independent assessment of an organization’s compliance with GDPR.

The purpose of a GDPR compliance audit is to help organizations ensure that they are meeting their obligations under GDPR and to identify areas where they may need to make improvements.

NIST Cybersecurity Framework (CSF)

NIST CSF collects best practices from other standards and guidelines, allowing an organization to choose the best for them based on risk. NIST CSF can be utilized for any size organization within any sector.

See what our clients are saying.

Dansa D’Arata Soucia has been a trusted partner of ours for over five years. As a fast growing SaaS startup, DDS provided us with the necessary guidance, tools, and knowledge to help us secure SOC 1 and SOC 2 attestation within our level of resources and budget. Additionally, the DDS team has helped improve our information security program by providing feedback on how to implement better controls that are highly valued in our industry. The audit team is highly professional, responsive, and conducts the audits without any disruption to our business operations. We highly recommend Dansa D’Arata Soucia to companies of all sizes and complexity.

Paul Artemou

Placements.io

We highly recommend Dansa D’Arata Soucia LLP for their exceptional flexibility, extensive expertise, and unwavering commitment to delivering high-quality SOC2 Type II audits. Their team has consistently demonstrated a deep understanding of our organization’s unique needs and challenges, adapting their approach with remarkable flexibility. With a wealth of experience in SOC2 Type II audits, they address every aspect of the process with meticulous attention to detail. Choosing Dansa D’Arata Soucia LLP as our auditing partner has been an absolute pleasure, and we look forward to continuing our fruitful collaboration.

Bruno Santos

MxHero

We are extremely satisfied with Darata’s Information Security Compliance services. Their expertise and professionalism in helping us obtain a SOC 2 report were exceptional. They guided us through the entire process, ensuring that we met all the necessary requirements and standards. Thanks to Darata, we now have a robust information security framework in place, giving us and our clients peace of mind. I highly recommend their services to any organization seeking information security compliance.

Wesley Tuzza

Kademi

Working with the Dansa D’Arata Soucia on our SOC compliance has been straightforward with great communication and understanding back and forth. There are a lot of moving pieces involved with maintaining SOC compliance, and DDS helps to keep it low stress, yet holistic.

Josh Holat

Cube Software

This is the first auditing firm I’ve worked with that I felt was actually interested in us understanding our requirements and wanted to see us grow and succeed. The relationship has never been the least bit adversarial and our dedicated auditor is a joy to work with in every regard. I highly recommend them.

Kris French

Teampay

We have worked with DDS for the past two years on our SOC 2 compliance. Their team made the process of getting SOC 2 compliant as easy and seamless as possible. The DDS team explained the path to compliance in a clear manner and were quick to respond to any questions we had along the way. They have helped us through whatever remediation has been necessary in a constructive way. It’s been a pleasure working with DDS and I highly recommend them!

Gil Bar-Or

Full Circle Insights

Choosing the right audit partner for your SOC journey is critical to the success of your organization. After vetting the market we engaged with Dansa D’Arata & Soucia CPAs LLP for our initial certifications. Their subject matter experts efficiently and effectively guided us through our SOC 1 and SOC 2 journey to a successful outcome. They proved their capabilities during that initial engagement and because of that we entered into an on-going relationship for continued compliance success.

David Feuerstein

FADEL

Working with the DDS team over the past 3 years on both SOC 1 and SOC 2 reports has been smooth and seamless. Our auditor is able to access our GRC tool – both to monitor our progress each month as well as to post audit-related tasks for us to integrate into our regular activities. As a result, the annual update process for our report is relatively painless as DDS is able to work with us on a completely automated electronic basis with only a handful of emails to manage exceptions, as needed.

Dave Johnson

Point Predictive

It was a pleasure to work with DDS as our SOC 2 auditor. We are a small start‐up, and as it was our first year undergoing a SOC2 Type 2 audit, we had many questions about the formatting of evidence, and the requirements and best practices in general. The DDS team provided us with amazing support throughout the process, from preparation and audit readiness, to answering questions well after we had completed the audit. Our assigned auditor and other team members were extremely diligent, helpful, and communicative at every step, and we are excited to continue partnering with them for our future compliance needs.

Luke Baumann

Green Project

Working with Dansa D’Arata Soucia was an invaluable experience for us. Their expertise and guidance not only helped us navigate the complex audit process but also allowed us to strengthen our security practices and elevate our commitment to data protection.

Matthew Dubuc

Tegrita

At Slope, we are very happy with Darata’s audit services. As a high growth startup that works with enterprise clients, we are looking for a partner that understands the importance of a smooth, transparent, and timely audit. Darata is that partner for us. Matthew and the team are always available for questions and are incredibly long-term oriented, laying the foundation to secure Slope for years to come. We are very satisfied with their services and highly recommend working with them!

Alice Deng

Slope

Team Leaders

Daniel Garigen, CPA

Partner

View Bio

Taylor Gavigan, CPA, CISA, CITP

Senior Manager