SOC 2 Plus Reports | SOC 2 Plus - Des Moines (IA)

SOC 2 Plus Reports – Des Moines

Des Moines and Iowa businesses tasked with managing third-party data are often required to undergo a System & Organization Control (SOC) 2 certification process. During the examination, the required tools, processes, and procedures are tested to ensure they are functioning as expected. However, organizations that handle highly sensitive data or operate in a highly regulated industry (e.g., finance, technology, or healthcare) need to demonstrate a level of data security that extends beyond SOC 2 requirements.

Under these circumstances, a company will complete SOC 2 Plus certification to demonstrate compliance with additional control frameworks such as HITRUST CSF, PCI-DSS, or ISO 27001. This additional testing provides customers with a higher level of confidence in a service organization’s data protection tools and controls. Whatever the level of compliance needed, it’s essential to work with a qualified provider to guide you through the process.

SOC 2 Plus Experience – Iowa

Barnes Dennig has significant experience providing SOC 2 Plus examinations to companies in Des Moines and Iowa. Typically, we work with organizations that handle very sensitive data and are looking to demonstrate a more sophisticated level of data security. This often includes those in the healthcare, technology, and finance industries. Our diverse experience allows us to more quickly evaluate a company, its risk profile, potential security gaps, and other standard-driven variables. The result is a timely and comprehensive SOC 2 Plus report to share with customers and prospects.

SOC 2 Plus Frameworks

  • SOC 2 security
  • SOC 2 availability
  • SOC 2 confidentiality
  • SOC 2 processing integrity
  • SOC 2 privacy
  • HITRUST CSF
  • Cloud Controls Matrix

Contact our Des Moines SOC 2 Plus Team

Barnes Dennig provides SOC 2 Plus Reports to companies in Des Moines and Iowa. If you are interested in learning how we can assist your organization, complete the form below or call us at 800-430-4731 for assistance.

SOC 2 Plus - Frequently Asked Questions

SOC 2 Plus is an enhanced version of the standard SOC 2 report, which includes additional compliance frameworks or industry-specific criteria beyond the Trust Services Criteria (TSC) used in a standard SOC 2 report. These additions might include frameworks like HIPAA, HITRUST, NIST, or other regulatory and security standards.

A standard SOC 2 report is based on the Trust Services Criteria related to security, availability, processing integrity, confidentiality, and privacy. SOC 2 Plus takes that a step further and incorporates an additional framework into the report. This can include mapping the SOC 2 criteria to the additional framework(s) or including an additional control mapping that maps an organization’s controls to the additional framework.

Organizations that are asked to provide assurance around multiple frameworks. An organization with customers in the US and Europe may be asked for both SOC 2 and ISO 27001. The SOC 2 Plus report provides the flexibility for the organization to include both frameworks in one report. Further, it simplifies the audit process for the organization by testing the controls once and then reporting across multiple frameworks, resulting in one report that can be given to all customers.

SOC 2 Plus can integrate various regulatory and industry standards, such as:

  1. HIPAA (Health Insurance Portability and Accountability Act) for healthcare data security.
  2. HITRUST CSF (Common Security Framework) for healthcare and risk management.
  3. NIST 800-53 for federal agencies and contractors.
  4. ISO 27001 for international information security management.
  5. PCI DSS (Payment Card Industry Data Security Standard) for payment processing.

The SOC 2 Plus process follows the standard SOC 2 evaluation but expands to assess compliance with the additional frameworks chosen by the organization. This involves:

  • Defining the scope based on business needs and regulatory requirements
  • Assessing existing controls against both the Trust Services Criteria and additional frameworks
  • Testing and evaluating control effectiveness
  • Issuing a final report detailing the findings

About the Des Moines Business Community

The Des Moines business community is a vibrant and steadily growing part of the Midwest economy, anchored by a strong foundation in finance, insurance, and agribusiness. As the capital of Iowa, Des Moines is home to major insurance companies like Principal Financial Group, EMC Insurance, and Nationwide, making it one of the leading insurance hubs in the country. Its financial services sector also continues to expand, with banking, asset management, and fintech firms choosing Des Moines for its lower operating costs and highly educated workforce. The city’s economy is further bolstered by its deep agricultural roots, with many agribusiness giants like Corteva Agriscience and Kemin Industries maintaining major operations in the region, blending traditional farming expertise with cutting-edge agtech innovation.

Des Moines has cultivated a thriving startup scene as well, with a focus on technology, health sciences, and renewable energy, supported by accelerators like the Global Insurance Accelerator and the Iowa AgriTech Accelerator. The downtown area has undergone significant revitalization, attracting new restaurants, cultural venues, and office developments that have made it an attractive location for both young professionals and established firms. The region’s real estate and construction sectors are also strong, driven by demand for both residential and commercial projects. Healthcare plays a growing role in the local economy, with MercyOne and UnityPoint Health standing out as major employers.
