SOC Reports (SSAE 18)
Navigating the compliance world can seem overwhelming. But you don’t have to do it alone. Our experienced team can help you understand which System and Organization Controls (SOC) report best fits your organization’s needs—whether you need assurance over a specific area for a contract or are looking to ensure regulatory compliance. We provide SOC readiness support ahead of your actual audit, along with SOC 1, SOC 2, and SOC 3 reports for clients in all industries and locations.
By leveraging a suite of modern tools, we are able to streamline our service delivery model and seamlessly share documents and requests—making the process that much easier for your team.
We can help you identify the controls you need to successfully pass a SOC audit. We’ll find any gaps that may exist in your control structure and suggest remedies that help ensure a positive outcome.
SOC 1 reports cover organizational controls that may impact the internal controls around financial reporting of your clients. This includes your controls around organization and administration, change management or application development, logical and physical security, availability of systems, and any business processes specific to your company. SOC 1 reports, which are issued under SSAE18, can be issued as a Type I or Type II report.
Issued under SSAE 18, SOC 2 reports cover organizational controls around one or more of the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. SOC 2 reports can be issued as a Type I or Type II report.
Issued under SSAE 18, SOC 3 reports cover the same Trust Services Criteria as a SOC 2 with one caveat: SOC 3 is an abridged report that can be freely shared with any individual and posted on your website.
A SOC for Cybersecurity report can give you assurance around the effectiveness of your cybersecurity risk management program. It can also help you gain a better understanding of your organization’s ability to manage cybersecurity threats and respond to, mitigate, and recover from breaches.
Type I SOC reports are available for both SOC 1 and SOC 2 reports. These reports provide an opinion on the design of your organization’s controls at a specific point in time. The Type I is often a steppingstone to a Type II SOC report.
Type II SOC reports are available for SOC 1, SOC 2, and SOC 3 reports. These reports provide an opinion on the design and operating effectiveness of your organization’s controls over a specific period of time (e.g. 6, 9, or 12 months).
What Our Clients Say
Partners to help you scale
We all bring different skills to the table, but our collective passion for collaboration, problem-solving, and quality results is what makes our team strong.
We recognize that our service delivery approach needs to be as flexible as our customers are unique. And that is a challenge we readily embrace. Whether you are a startup or a market leader, Holtzman provides the right resources, and gives you the tools you need to grow your business.