When a national law firm specializing in social security disability benefits needed an assessment of their internal IT controls, they turned to PamTen. The firm dealt with extensive amounts of personal data. Clients and management wanted to ensure that this vulnerable information was handled in compliance with AICPA requirements and protected from external intrusion.
PamTen followed our standard audit engagement approach, which began with a discovery call with the client to define the audit scope. PamTen recommended performing a SOC 2 Audit to examine the firm’s current level of compliance with the AICPA Trust Services Criteria (TSC) requirements.
The audit began with a detailed review of the firm, its systems and services, IT infrastructure, and internal functions. PamTen interviewed members of the firm’s IT, Quality, and HR staff, as well as the managing partner. A PamTen engagement manager monitored audit activities throughout the engagement and kept the client updated on progress.
The audit included:
The audit consisted of the following phases:
Upon completing the audit, a detailed Service Organization Control (SOC) 2 report was produced and presented to the client’s senior leadership team. The client was pleased to have an industry-recognized acknowledgment of their internal controls’ security, reassuring the firm’s leadership and clients that their data was and will continue to be kept secure and confidential.