These examinations were formerly known as “SAS 70” audits. The AICPA adopted new standards that categorized service organization controls examinations into three types: SOC 1, SOC 2 and SOC 3.
SOC 1® — SOC for Service Organizations: ICFR
These reports are specifically designed to address controls at the service organization that are relevant to their customers’ financial statements. SOC 1 audits are suitable for organizations that process financial transactions on behalf of customers.
SOC 2® — SOC for Service Organizations: Trust Services Criteria (TSP 100)
These reports address service organization controls relevant to the security, availability and processing integrity of the systems used to process customer data, and the confidentiality and privacy of the information these systems process.
SOC 3® — SOC for Service Organizations: Trust Services Criteria for General Use Report
Like SOC 2, these reports address controls relevant to security, availability, processing integrity, confidentiality and privacy. However, they have an abbreviated reporting format whereby the controls, auditor’s tests and results are omitted, and are considered general use reports that can be freely distributed.
We believe that the unique combination of our character, competencies and cost as a service provider makes Versecurity both a quality and cost leader in the area of technology assurance and advisory services. The sections below give background information, service delivery concepts and examples that we feel distinguish our firm as exceptional or better.
We love what we do.
Versecurity was founded by a small group of entrepreneurs who from a very young age had a love for computers, gadgets and technical systems, which continued into adulthood and their professions: information systems security, design, development and consulting. Although they all worked in IT audit and security departments at regional and “Big 4” accounting firms, they also spent their nights and weekends doing things like setting up hacker labs, testing new Linux distributions and building custom boxes robust enough to allow for quintuple booting. As the years went by, they became increasingly tech-addicted and skilled in their work, but they also became increasingly aware of how dependent people, businesses and governments were becoming on information systems.
There were also more than a few instances in which they witnessed nightmares become reality when critical systems went down or were breached, and the people responsible for getting them back online did not know where to begin to quantify the extent of lost, exposed or corrupted data, or how to correct the damage or prevent it from happening again.
Seeing the upward trends of increased reliance on information systems and more frequent occurrences of system attacks, hacks and frauds, with no foreseeable reason for this to reverse or diminish, and all in the absence of increased controls or user security-consciousness, led to an idea for what eventually became Versecurity.
Our solutions are proposed, planned and executed in-context for every client.
No two organizations are identical and no two solutions should be either. We approach each engagement as a unique undertaking, listening closely to each client and working as a team with project stakeholders to develop the approach, activities, timing and deliverables required to meet the specific needs of their organization. There is no template or checklist, only seasoned professionals attending to each detail and devising specific solutions in which the context affecting each organization is the foundation of each solution.
Our engagements are fixed fee and priced below the competition, and expenses are never charged to the client.
During scoping discussions, we make it our responsibility to gain an extremely clear understanding of the exact nature, timing and extent of the project’s activities, and all of the associated deliverables, prior to proposing on the engagement. We contractually obligate the fee stated in our original proposal, as well as the timing and deliverables. What you see is what you get, every time.
All client-serving personnel have at least 10 years of professional experience in IT audit and consulting.
Clients also have the pleasure of working with a small firm that has extensively streamlined the testing, documentation and reporting processes that consume the vast majority of hours on most projects. Because seasoned experts are performing the fieldwork and writing the audit reports, customers enjoy the efficiency and quality of deliverables that always exceed expectations and are always delivered on time and on budget, every single time.
We are team-oriented, accommodating, consultative and receptive with all members of an engagement.
Failure to prevent, detect and/or correct control gaps in customer information systems could have a far-reaching impact with severe consequences that may be very difficult or impossible to rectify. For this reason, we take the role of “IT auditor” or “information systems consultant” very seriously and sincerely. And it’s for this reason that we have adopted an approach of being the nicest, toughest auditors we can be. We work with clients and strive to forge a team-oriented partnership with everyone involved. Whether they are customers, customers’ auditors, vendors or other parties, we fundamentally have the same objective in each project. So it is of the utmost priority for us to be accommodating and consultative with every person in every engagement, and to be meticulously thorough in our work, ensuring that any findings or recommendations we have are factually irrefutable and previously scrutinized and verified by all parties involved prior to conclusion.
Being team-oriented, accommodating and consultative with all members of an engagement is fundamental to how we operate as a professional services firm. We are very good listeners, always happy to help, not afraid of or unreceptive to bad news or criticism, and strive to be an exceptional teammate and resource for every customer, vendor, partner or auditor we encounter on engagements.
We understand the difference between data and information.
In every country on every continent, people (yes, you…and yes, me) rely on the integrity and stability of information systems for daily processes that are so fundamental to our livelihood that we take them for granted to an unnoticeably pervasive degree.
Companies no longer “keep books” on their operational accounting or financial statement reporting. Everything is on a system. And we rely on the integrity of the data that is produced by that system. Reports are generated by the system’s stakeholders, and we use this information to make decisions that range from trivial to critically important with a wide range of potential impact. Naturally, these stakeholders expect the information produced by the system to be valid and accurate. But how would we know? What if 15% of the time the underlying data was intentionally or inadvertently manipulated prior to generation of the report? What if this happened 50% of the time? Or more? Without someone or something to prevent, detect and correct this, there could be a far-reaching impact with severe consequences that may be very difficult or impossible to rectify.
For this reason, we know that the quality of our services and consistency of delivery are critical, and the role of an information technology auditor or information security consultant comes with much responsibility. We take this very seriously and have developed firm methodologies for each service area that are meticulous, current, consistent, adaptive and tested at length. This is the foundation upon which our services are designed and delivered from start to finish for every client and engagement.