SOC Examinations

Move Forward with Confidence

Verifying the integrity of your business’s internal control environment can be key to serving and protecting your customers and organization.

Assess the effectiveness of your internal controls and safeguards with a Systems and Organization Controls (SOC) examination, also known as a SOC audit, and receive independent, actionable feedback based on the reported results.

SOC audits can help confirm systems are secure and data protected and reduce audit procedures for financial statement auditors.

What Kind of SOC Report Is Right for You?

A SOC readiness assessment can help guide companies through the stages to prepare for their first SOC examination.

There are three kinds of SOC reports:

  • SOC 1®. Specifically intended to meet the needs of user entities and financial statement auditors that audit the user entity’s financial statements to evaluate the effects of controls on financial reporting process.
  • SOC 2®. Generally needed when a vendor provides services that requires data security.
  • SOC 3®. Essentially a smaller-scale SOC 2 report primarily used for public distribution.
Three kinds of SOC reports

Insights for Targeted Risk Areas

SOC reports can be tailored to address your organization’s specific concerns including:

  • SOC for Cybersecurity. Provide information to stakeholders on your cybersecurity risk management program.
  • SOC 2+. Enhance SOC 2 reports with additional compliance criteria like Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance (HITRUST).

Who Needs SOC Examinations?

SOC examinations aren’t just for technology corporations. They benefit a range of entities, from financial institutions to benefit plan administrators and not-for-profit organizations.

Traditional outsourcing arrangements apply to:

  • Software as a service (SaaS), infrastructure as a service (IaaS), platform as a service (PaaS), and cloud providers
  • Data technologies, advanced analytics, and artificial intelligence-focused companies
  • Managed services
  • Financial institutions, bank trust departments, credit unions, and collection agencies
  • Accounting services
  • Payroll bureaus
  • Third-party and benefit plan administrators
  • Document management
  • Specialized services

Expansive SOC Experience

Our professionals provide SOC audits for a range of client types including SaaS, Iaas, and PaaS companies, business intelligence providers, colocation data centers, financial institutions and service companies, third-party administrators, benefits administrators, and more.

Though distribution of the SOC 1 examination report is restricted to management, customers, and their financial statement auditors to keep sensitive information confidential, companies can register for an American Institute of Certified Public Accountant (AICPA) SOC seal for public distribution.

Featured Resources


Primary Contact