Services > Consulting > Risk & IT Compliance > SOC Examinations > SOC Readiness Assessment

SOC Readiness

Preparing to launch a SOC report can drain significant time and resources for an organization—especially those preparing their first SOC report and that may not be prepared for the level of risk mitigation and expertise needed to document controls for a successful SOC examination.

Confidently navigate the process with guidance from our professionals and determine if you’re maintaining compliance correctly—so you can stay focused on what matters most to your organization. A readiness assessment can be applicable for a SOC 1®  or a SOC 2®  audit.

While an organization must take responsibility for its own controls, an assessment can help guide you through defining controls that should be in your SOC report and any controls that require remediation.

How the Process Works

Planning for a readiness assessment with significant time available—often three to six months—before the period under examination date is crucial. This provides time to resolve control deficiencies identified ahead of time.

Work closely with our professionals to:

  • Identify, design, and document key processes. Interview control owners to understand key processes and controls for what’s needed for SOC reports.
  • Identify controls to map to the required control objectives for SOC 1 or Trust Services Criteria for SOC 2 or SOC 3®. Take key controls identified and determine the correct coverage controls are in place to support objectives or trust services, as well as identify gaps to determine additional controls that may be needed
  • Identify any controls for remediation. Determine any additional steps needed before the SOC examination commences.

­Expansive SOC Experience

Our professionals provide examinations for a range of client types including software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS) companies, business intelligence providers, colocation data centers, financial institutions and service companies, third-party administrators, benefits administrators, and more.

Though distribution of SOC 1 examination details is restricted to management, customers, and financial statement auditors to keep sensitive information confidential, the American Institute of Certified Public Accountant (AICPA) provides a seal to companies that receive examination reports that allow public distribution and to instill confidence where necessary.

More than 450 SOC clients
More than 450 SOC clients
More than 20 types of SOC clients
More than 20 types of SOC clients
More than 90 professionals specializing in SOC
More than 90 professionals specializing in SOC

Primary Contact

Photo of Kimberly A. Koch
Kimberly A. Koch
Principal
(509) 777-0107

Baker Tilly US, LLP, Baker Tilly Advisory Group, LP and Moss Adams LLP and their affiliated entities operate under an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly Advisory Group, LP and its subsidiaries, and Baker Tilly US, LLP and its affiliated entities, trading as Baker Tilly, are members of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. Baker Tilly US, LLP and Moss Adams LLP are licensed CPA firms that provide assurance services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and consulting services to their clients and are not licensed CPA firms. ISO certification services offered through Moss Adams Certifications LLC. Investment advisory offered through either Moss Adams Wealth Advisors LLC or Baker Tilly Wealth Management, LLC.