Fortreum Associates – an integrated approach to SOC 2 and other IT audit engagements
It’s time. A few months after joining up with some old colleagues/friends at Fortreum, LLC, I’m pleased to announce that Fortreum Associates, LLC is open for business! Fortreum Associates is a licensed and registered CPA firm that specializes in information security audits, examinations, and attestations (SOC 1 and SOC 2).
I’m Jeff Cook, the Managing Principal at Fortreum Associates, and couldn’t be more excited to start this partnership with Fortreum. We are thrilled to be working together in order to form a more integrated, consolidated audit process that combines the knowledge and experience of all of our personnel to create a better experience for our clients.
Years of industry experience
I have been working in the SOC/AIPCA space for 10 years now. I have helped start four different SOC practices over that time, been involved as a SOC peer review specialist, consolidated audit reviews, and also worked with the AICPA along with other volunteers to help develop the SOC 2 guide, training, whitepapers, FAQs, and other SOC guidance and information. I’ve quality-controlled hundreds of SOC reports, and developed strategies for SOC engagement performance improvements, from methodologies to use of various technologies. We look to specialize and find efficiencies between SOC and other frameworks for our customers.
“Consolidated audit and how SOC integrates with other frameworks will provide significant value to our customers”
I’m bringing that experience to align with some of the best and brightest in the compliance industry. Fortreum was founded by James Leach and Michael Carter, whose leadership draws from 25 years’ experience supporting both the Public and Private Sector – SMBs, Fortune 500 customers, and several successful company exits. James and Michael were original FedRAMP Third Party Assessment Organization (3PAO) personnel who have participated with the FedRAMP Program Management Office (PMO) since the program started over 10 years ago.
A common vision and approach to audits
At Fortreum and Fortreum Associates, we realize that many compliance and assessment efforts feel and act in a similar manner. For the most part, controls are controls. So the question then becomes, why duplicate effort when both preparing for and conducting audits? There is a significant opportunity to leverage Fortreum’s framework (consolidated audit), technology, and cloud experience (working with the largest technology and cloud providers in industry) to ease our clients’ compliance journey.
“Our mission is to simplify the highly complex cloud and cybersecurity challenges into a more consumable service and roadmap. Our business is outcome-focused and we believe strongly in simplifying our clients’ experience through engagement roadmaps. Our end goal is to be a trusted and authoritative turnkey third party partner for our clients.”
James Leach, Managing Partner/Co-founder, Fortreum.
That’s why we at Fortreum have taken the time to think through multiple frameworks and how to leverage their common themes. Our audits use the highest standards from those frameworks as the combined baseline for our clients’ efforts. Using those baselines, our work then involves an “asses once, leverage many” approach where Fortreum personnel will meet the criteria for multiple frameworks at once. From there, we make sure we meet any framework-specific requirements before finalizing the final deliverables for the client.
The result for our clients is a less intrusive approach to the audit by shortening request lists, reducing on-site time and questions, and gathering needed evidence through technology that can be used in multiple efforts. The integrated relationship between Fortreum and Fortreum Associates provides for efficient and high-quality audits for clients ranging from small to midsize companies, to Fortune 500 enterprises.
Where do we go from here?
The vision for both Fortreum and Fortreum Associates is the same. We are excited about the opportunity to evolve in the audit compliance industry through the use of new technologies and methodologies to streamline audits. We want to be strategic partners for our clients, giving them the best infosec experience to help them grow and scale whether it’s their first compliance effort, or a multi-framework engagement to meet a variety of needs.
To learn more about Fortreum and our service offerings, please visit www.fortreum.com/SOC.
Jeff Cook – CPA