top of page

Small businesses that sell their products and services to large national or international companies now face compliance challenges. Some trends appear.




A SOC 1 report is an audit of internal controls that a service organization has put in place to protect customer data, particularly internal controls over financial reporting. SOC 1 is the standard by American CPAs in a SOC 1 audit to evaluate, test, and report about the effectiveness of internal controls of the service organization. The result? A SOC 1 report that validates the organization's commitment to providing high-quality and secure services to customers.


Introduced in 2011, Service Organization Control Reports (SOC 2) are becoming increasingly popular in discussions about data security and compliance.

But what is a SOC 2 report?
Which one do you need?

Why is a SOC 2 report so important? 
Do you need it, or is it something that looks just like a good on paper?

ISO27001-ISO 27001

ISO 27001 (formerly known as ISO/IEC 27001:2005) is a framework for an Information Security Management System (ISMS).

An ISMS is a policy and procedural framework that includes all legal, physical and, technical controls involved in an organization's information risk management processes.

IT process
IT Gap Analysis-Analyse des écarts TI

1. Gap analysis

IT policy-IT procedures-Politiques TI

2. Controls matrix

4. Implementation of new processes 

3. Policies and procedures

IT Awareness-SensibilisationTI

5. Training and awareness

IT audit-Audit TI

6. Audit and conclusion

Help you to find the best solution

Yucca IT Consulting accompanies you and guides you through each step leading to compliance with the selected framework or regulation. Yucca TI Consulting will work closely with your organization's appointed pilot to maximize the hours worked on the compliance program.


The GDPR is a new set of rules designed to give European Union (EU) citizens more control over their data. It aims to simplify the regulatory environment for businesses so that EU citizens and businesses can fully benefit from the digital economy.

The reforms are designed to reflect the world we live in today, and update laws and obligations - including those relating to personal data, privacy and consent - across Europe for the era of connection Internet. Any company that hosts or uses personal data from EU citizens is subject to GDPR.


The National Institute of Standards and Technology (NIST) guidelines provide all standards for recommended security checks for information systems in U.S. federal agencies.

The U.S. government approves these standards, and companies comply with NIST standards because they include controls of safety best practices in a range of industries.

Many private companies doing business with U.S. government agencies or subcontractors that do business with these agencies must comply with  NIST standards.


The new ISO 27701 to address all GDPR compliance issues. This compliance framework is an extension to the ISO 27001 framework.

bottom of page