SOC Examinations

Services > Consulting > Risk & IT Compliance > SOC Examinations
SOC Readiness Assessment SOC 1 SOC 2 Plus SOC 2 and 3 SOC for Cybersecurity

Move Forward with Confidence

Verifying the integrity of your business’s internal control environment can be key to serving and protecting your customers and organization.

Assess the effectiveness of your internal controls and safeguards with a Systems and Organization Controls (SOC) examination, also known as a SOC audit, and receive independent, actionable feedback based on the reported results.

SOC audits can help confirm systems are secure and data protected and reduce audit procedures for financial statement auditors.

What Kind of SOC Report Is Right for You?

A SOC readiness assessment can help guide companies through the stages to prepare for their first SOC examination.

There are three kinds of SOC reports:

  • SOC 1®. Specifically intended to meet the needs of user entities and financial statement auditors that audit the user entity’s financial statements to evaluate the effects of controls on financial reporting process.
  • SOC 2®. Generally needed when a vendor provides services that requires data security.
  • SOC 3®. Essentially a smaller-scale SOC 2 report primarily used for public distribution.
Three kinds of SOC reports
Click here to download the SOC Audit Guide

Insights for Targeted Risk Areas

SOC reports can be tailored to address your organization’s specific concerns including:

  • SOC for Cybersecurity. Provide information to stakeholders on your cybersecurity risk management program.
  • SOC 2+. Enhance SOC 2 reports with additional compliance criteria like Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance (HITRUST).

Who Needs SOC Examinations?

SOC examinations aren’t just for technology corporations. They benefit a range of entities, from financial institutions to benefit plan administrators and not-for-profit organizations.

Traditional outsourcing arrangements apply to:

  • Software as a service (SaaS), infrastructure as a service (IaaS), platform as a service (PaaS), and cloud providers
  • Data technologies, advanced analytics, and artificial intelligence-focused companies
  • Managed services
  • Financial institutions, bank trust departments, credit unions, and collection agencies
  • Accounting services
  • Payroll bureaus
  • Third-party and benefit plan administrators
  • Document management
  • Specialized services

Expansive SOC Experience

Our professionals provide SOC audits for a range of client types including SaaS, Iaas, and PaaS companies, business intelligence providers, colocation data centers, financial institutions and service companies, third-party administrators, benefits administrators, and more.

Though distribution of the SOC 1 examination report is restricted to management, customers, and their financial statement auditors to keep sensitive information confidential, companies can register for an American Institute of Certified Public Accountant (AICPA) SOC seal for public distribution.

AICPA SOC
More than 450 SOC clients
More than 450 SOC clients
More than 20 types of SOC clients
More than 20 types of SOC clients
More than 90 professionals specializing in SOC
More than 90 professionals specializing in SOC

Featured Resources

Guide
SOC Reporting | Why a SOC Report Makes All the Difference
Explore in-depth insights of SOC reports with our detailed guide.
Guide
WebPage
Webcast Series: System and Organization Controls
Learn the benefits of SOC reports, how to mitigate risks, and more in this webcast series.
WebPage

Insights

Article
Comparing SOC 2 and ISO/IEC 27001 FAQ
Discover how SOC 2® and ISO/IEC 27001 can enhance your organization's security landscape and build customer trust.
Article
Article
Enhance Efficiency to Protect Data
Health care organizations can leverage System and Organization Controls (SOC), HIPAA, and HITRUST frameworks to maintain security and compliance.
Article
Article
Updates to SOC 2 Guide
Learn more about updates to trust services criteria points of interest and disclosure requirements, among other things.
Article
Article
SOC 2 Examination Checklist
Prepare for a SOC 2 examination and learn best practices for a successful examination, to help maintain compliance.
Article
Article
How Technology Companies Can Built Trust
Instill confidence that your internal controls are sound is with a system and organization control (SOC) examination.
Article
Article
3 Steps for a Better SOC 2 Exam
Learn how your company can improve its SOC 2 examination to increase credibility and stay competitive.
Article
Article
Review Vendor SOC Reports
Obtain a new vendor’s SOC reports, so you can address the risks related to outside service providers.
Article
Article
SOC 2 Trust Services Criteria
The criteria enhances SOC 2 reporting by providing greater coverage over IT governance and operational management. Learn more.
Article
Article
What Service Organizations Should Know When Purchasing SOC 2 Tools
Discover considerations to keep in mind when evaluating SOC 2 tool options.
Article

Primary Contact

Photo of Kimberly A. Koch
Kimberly A. Koch
Partner
(509) 777-0107