Example SOC Engagement Process
Initial Meeting
Based on your goals, project scope, and a better understanding of your organization, we will provide you with optional approaches, recommendations, and an understanding of what you can expect so you can make a better-informed decision and plan regarding the best path forward.
- Answer questions
- Provide options
- Detailed Pricing
If you'd like, we can also provide a short demo of the free web-based Compliance Management Platform available and some tools like SOC 2 policy templates.
Book a MeetingReadiness/Gap Assessment
Based on your preferred approach, we provide a customized plan ("Assurance Map") and the technology, resources, and guidance to help clients get audit-ready.
One popular Readiness Approach begins with our web-based "Readiness Questionnaire" which completes a risk assessment and customized control set. It will also indicate the gaps where controls will need to be implemented, and the evidence required to demonstrate each control.
We then work with you to develop your system description and provide you a SOC Readiness & Gap Assessment Report that serves as your initial roadmap to compliance.
We also provide the technology, tools, and guidance for gap remediation to help you get audit-ready fast. (Fieldguide Compliance Management Platform, policy templates, etc.)
Get Your Free Readiness Started TodayGap Remediation
The last thing any organization wants to do is waste time, money, and resources on the wrong activities which is why we take the guesswork out of the Gap Remediation process.
Our Gap Remediation Advisory Services help you prioritize your efforts while also providing you with the technology, tools, and regular feedback necessary to get audit ready more efficiently.
Book a MeetingPre-Audit Assessment
Either in conjunction with your Gap Remediation efforts or prior to the actual audit we will perform a pre-audit Readiness Assessment to help ensure a successful audit outcome.
Based on this review, you will have the opportunity to remediate any issues found before the actual audit so you are set up for a successful audit outcome.
We also perform this service free for any SOC 1 Type 1 or SOC 2 Type 2 audit clients.
Book a meetingSOC 1 / SOC 2 - Type 1 Audit
We will perform the necessary testing in an efficient manner that minimizes your work disruption. Once the requested evidence is submitted, we will provide you with a draft report within 2 weeks. Upon client approval, we will issue the final SOC report shortly after that.
In addition to the audit, we will also provide Management Recommendations and any feedback necessary to ensure you are prepared for successful future audits. We are also available year-round to help ensure your compliance program stays on track (for no extra charge).
Click For Pricing InformationSOC 1 / SOC 2 - Type 2 Audit
While the initial SOC 1/2 - Type 1 is focused on ensuring controls are in place at a given date, the Type 2 exam requires us to perform sampling and testing throughout the entire audit period (usually 6-12 months after the initial audit and then annually thereafter).
As we complete our testing, we will do everything in our power to minimize your work disruption and make the audit process as easy as possible.
Book an appointment to learn more about what to expect and the various audit options available.
Click For Pricing InformationOngoing Audit Success
We will remain available year-round to help ensure your compliance program stays on track for future audits.
Your partner will be a valuable resource providing compliance and best practice recommendations, feedback on any questions you may have, and information regarding industry trends.
We also offer free value-added services such as free HIPAA and ISO 27001 Compliance Assessments and control mapping to help efficiently address other compliance frameworks
You will also have access to your Compliance Management Platform year-round for no extra cost (unlike many GRC platforms that cost thousands).
Experience The Benefits of Specialization
As an independent CPA auditing firm that focuses exclusively on compliance, we guarantee our clients will work with highly experienced CPAs and compliance auditors who specialize in SOC 1 and SOC 2 compliance audits. Our team of SOC specialists use a proven approach and methodology that is customized to meet our client’s goals and unique profile to ensure clients receive superior quality reporting and assurance services. Schedule a short consultation to learn about our unique approach and how it can result in a better overall compliance experience.
Just a few of the clients we've worked with over the years
Areas of Examination
The scope and related criteria (Trust Services Criteria) developed by the AICPA are used by CPA practitioners in the performance of SOC 2 engagements.
Readiness Engagement
If this is your first SOC or SSAE 16, we can work with you to do a full/complete SSAE 16 readiness run through of all controls/areas and provide detail on what needs to be done to pass every test associated with general controls, IT controls and application level controls.
SOC 1
Type I – a Type I is a report on policies and procedures placed in operation as of a specified point in time. SSAE 16 Type I reports evaluate the design effectiveness of a service provider’s controls and then confirms that the controls have been placed in operation as of a specific date
Type 2 – a Type I is a report on policies and procedures placed in operation as of a specified point in time. SSAE 16 Type I reports evaluate the design effectiveness of a service provider’s controls and then confirms that the controls have been placed in operation as of a specific date
What are SOC 2 Reports?
The SOC 2 report is an audit for organizations that collect, process, transmit, store, organize, maintain or dispose of non-financial information for other entities. There are two different Types of examinations that can be conducted under the SOC 2 standard.
