SOC 2

Show your customers their data is protected.

Generate sales and retain customers with a technical assurance report.​

You can get more customers and keep current ones by proving you are secure and that customer data is confidential, available and will be processed accurately. We can help ease your customers’ worry about their data security by ensuring them you are secure with a Service Organization Controls (SOC) Report.

Sean P. Linton, CPA, CITP
Sean offers a well-rounded approach to technology consulting with a broad base of experience in multiple audit disciplines.

Service Organization Control 2 Report (SOC 2)

A SOC 2 reporting engagement provides an independent auditor’s attestation related to the controls for a service organization that reflects any and/or all of the company’s security, availability, processing integrity, confidentiality and/or privacy processes. Many entities outsource tasks or entire functions to service organizations that operate, collect, process, transmit, store, organize, maintain and dispose of information for user entities. Therefore, a SOC 2 report is often required.

The SOC 2 report results from attestation engagements that use the predefined criteria in the Trust Services Principles, Criteria and Illustrations (from the CICA and the AICPA), and the requirements and guidance in the AICPA’s AT Section 101 “Attest Engagements.”

Similar to a SOC 1 report, the SOC 2 report is issued as either a Type 1 or Type 2 report and provides a description of the service organization’s system. The Type 2 report also includes a description of the tests performed by the service auditor and the results.

SOC 2 reports address any and/or all of the following principles:

The system is available for operation and use as committed or agreed.

The system is available for operation and use as committed or agreed.

System processing is complete, accurate, timely and authorized

Confidential information is protected as committed or agreed.

Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.

Why does my company need a SOC 2 Report?

Scope of SOC 2 Reports

  • Data security
  • Data confidentiality

  • Data availability

  • Data privacy

  • Processing integrity

  • HIPAA

  • ISO 27001

  • NIST

  • HITRUST

Common Requirements of SOC 2 Compliance

Latest Technology Consulting Insights

Learn more about our Technology Consulting team’s expertise and ways in which we are helping organizations evaluate regulatory compliance. Our team has experience serving companies that range from startups to Fortune 100 companies in a variety of industries.

Meet your technology consulting team
Our Technology Consulting team provides expertise, process and technology required to evaluate regulatory compliance. Our team has experience serving companies that range from startups to Fortune 100 companies in a variety of industries.

Kate Seigrist

Partner, Technology Consulting

Sean Linton

Partner, Technology Consulting

Renata Torola

Manager, Technology Consulting

Bill Bodner

Manager, Technology Consulting

Let's start a conversation.

For More Information