We can help you identify the controls you need to successfully pass a SOC audit. We’ll find any gaps that may exist in your control structure and suggest remedies that help ensure a positive outcome.

SOC 1 reports cover organizational controls that may impact the internal controls around financial reporting of your clients. This includes your controls around organization and administration, change management or application development, logical and physical security, availability of systems, and any business processes specific to your company. SOC 1 reports, which are issued under SSAE18, can be issued as a Type I or Type II report.

Issued under SSAE 18, SOC 2 reports cover organizational controls around one or more of the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. SOC 2 reports can be issued as a Type I or Type II report.

Issued under SSAE 18, SOC 3 reports cover the same Trust Services Criteria as a SOC 2 with one caveat: SOC 3 is an abridged report that can be freely shared with any individual and posted on your website.

A SOC for Cybersecurity report can give you assurance around the effectiveness of your cybersecurity risk management program. It can also help you gain a better understanding of your organization’s ability to manage cybersecurity threats and respond to, mitigate, and recover from breaches.

Type I SOC reports are available for both SOC 1 and SOC 2 reports. These reports provide an opinion on the design of your organization’s controls at a specific point in time. The Type I is often a steppingstone to a Type II SOC report.

Type II SOC reports are available for SOC 1, SOC 2, and SOC 3 reports. These reports provide an opinion on the design and operating effectiveness of your organization’s controls over a specific period of time (e.g. 6, 9, or 12 months).