SOC 2 TYPE II Press Release

January 2020


Sydney, Australia – A national information management organisation and provider of innovative software solutions in Sydney announced that it has successfully completed a System and Organization Controls (SOC) 2® Type II Audit examination for their Data Storage Document Management System. (The name of the organisation is being withheld for security purposes.)


This organisation retained international business advisory firm Skoda Minotti for its SOC 2® audit work. It retained international business consulting firm SAMEC for project coordination and advising. The client selected Skoda Minotti and SAMEC after an intensive search based on their reputations as a leading risk advisory and compliance firm.


Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group says, “We were excited to work with SAMEC from the very start. They are an intriguing firm delivering high-quality services and their business adds to our potential for growth in the Australian region.”

Arjang Safa, SAMEC Founder & Director – Compliance & Innovation, was the main intermediary between Skoda Minotti and the client. Arjang was primarily responsible for supporting the control mapping from the client’s ISO 27001 to the newly implemented SOC 2®, communicating the evidence requests to client personnel, providing the necessary evidence of control implementation and operating effectiveness, coordinating meetings between the client and Skoda Minotti, and documenting process improvements along the way.


SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA guide “Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy.” The SOC 2® Type II report is performed by an independent auditing firm to provide an understanding of the service organisation’s suitability of the design and operating effectiveness of its internal controls. A service organisation may select any or all of the trust service principles applicable to their business, and the client chose to report on security, availability, processing integrity and confidentiality. The successful completion of this voluntary engagement illustrates SAMEC’s ongoing commitment to help companies achieve business growth through compliance with complex frameworks.




Skoda Minotti is a certified public accounting firm based in Cleveland, OH, USA, offering a variety of tax, finance, and advisory services in virtually every area of business. The Risk Advisory practice specialises in SOC Reporting, PCI DSS Compliance, HIPAA Compliance and HITRUST validation, FISMA, NIST, ISO 27001, Vulnerability and Penetration Testing, and other regulatory information security assessments. Staff in Skoda Minotti's Risk Advisory hold several industry certifications including Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Qualified Security Assessor (QSA), GIAC Penetration Tester (GPEN), and GIAC Web Application Penetration Tester (GWAPT). For more information about Skoda Minotti's Risk Advisory Services, please visit