SOC 2 audits provide assurance to customers, investors, and others that an organization’s controls govern the information security in their environment, and are appropriate for the purpose for which they are intended. SOC 2 certification engagements are performed under the American Institute of Certified Public Accountants (AICPA) SSAE No. 18, Service Organizations AT-C 105 and 205, and the AICPA SOC 2 Audit Guide, Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. Each SOC 2 report includes an in-depth review of at least one of the AICPA Trust Services Criteria (TSC), namely security, availability, processing integrity, confidentiality, and privacy.
Our qualified auditors consult with management and others to gain a full understanding of the unique needs of each organization. With this information, our auditors will determine which Trust Services Criteria (TSC) are needed for a thorough SOC 2 examination.
It is our goal to provide the least amount of disruption to an organization’s productivity, while still gathering the important data needed to provide an accurate and complete SOC 2 examination.
Once we understand the Trust Services Criteria requirements and your organization’s system, we provide an accurate engagement fee estimate and timeline so you know what to expect and when. In this stage, we also deliver a to-do list as well as a risk and controls matrix (RCM) to expedite the auditing process. We make every effort to meet all reporting deadlines.
Once we have completed the examination, our auditors create a thorough and professional report of their findings. Reports are delivered to each organization digitally to expedite the process of sharing the report with clients and others. Our auditors also deliver recommendations to the organization for improving their processes and internal controls, if needed, to further solidify their compliance.
Throughout the audit process, we take the time to understand your service commitments, system requirements, infrastructure, software, data, and support team. Depending on the organization’s needs, our auditors will conduct onsite and/or virtual interviews and examinations.
Each engagement is led with active partner oversight. This ensures clear communication, informed judgment, and consistent quality throughout the audit lifecycle, resulting in a smoother experience for your team.
SOC 2 requires a strong understanding of systems, processes, and regulatory expectations, coupled with expertise in technology, to deliver timely, structured, and well-supported SOC-2 examinations.
SOC 2 engagements form a significant portion of our work. This focus enables us to efficiently guide clients from planning through report issuance, with practical insights that strengthen internal controls and reduce execution risk.
Fill out the form and we’ll put you in touch with one of our experienced auditors. Your contact information stays with us and is only used to talk with you about your SOC 2 audit—we do not sell or share your contact information with anyone.
