SOC Advisory and SOC Plus Attestations
SOC 1 Report
A detailed description of your internal controls over financial reporting that impact your customers, so that your customers meet the needs of their management, auditors, and other stakeholders.
SOC 2 Report
A comprehensive description of your internal controls relevant to the security, availability, processing integrity, confidentiality, and privacy of your system.
SOC 3 Report
If you want to be able to share your SOC 2, but don’t need to provide more than an overview related to security, availability, processing integrity, confidentiality, and privacy. Can be readily shared, and used for marketing purposes.
Need to go beyond SOC 2:
SOC 2 Plus
If you want to go beyond the SOC 2 trust services criteria (security, availability, processing integrity, confidentiality, and privacy) and report on another regulatory or compliance framework i.e., HIPAA, GDPR, NIST Cybersecurity Framework, Cloud Security Alliance, ISO 27001, etc.
SOC for Cybersecurity
If you want a general-use report that’s specifically relevant to the organization’s cybersecurity risk management program.
SOC for Supply Chain
Addresses the trust services criteria from SOC 2, relevant to a production, manufacturing, or distribution system.
We look at: