Is your company being asked to provide a SOC report but you’re unsure of the differences or which one to choose? Below is a quick summary of the SOCs to help you decide which one might be right for you.

Readiness Consulting

Whether you’re contemplating a SOC engagement for the first time or considering upgrading from a Type 1 to a Type 2, we recommend that you test the waters first. Prepare for it by having us walk you through the requirements before a formal report is issued.

SOC 1 Audits

SOC 1 reports are primarily used to provide your client’s auditors with information and an opinion about your organization’s controls. These are designed for service organizations who have reporting requirements on Internal Control over Financial Reporting.

SOC 2 Audits

SOC 2 compliance is designed for the growing number of technology service organization entities that need a more technical audit with emphasis on comprehensive information security policies and procedures.

SOC 3 Audits

SOC 3 reports are intended for a wide range of users who may be interested in your organization’s controls. These reports provide the same level of assurance as SOC 2 but are for general release.

Risk Assessment

If you don’t need a SOC, we can perform a Risk Assessment and apply the same principles with a lower cost to you.