SOC 1, 2, and 3 Reports (SSAE18)

Securing Trust with Comprehensive SOC Compliance

Protecting sensitive data and ensuring the security of your systems is crucial in today’s interconnected world. Our firm specializes in SOC (Service Organization Control) compliance, offering SOC 1, SOC 2, and SOC 3 reporting services. Our experienced professionals will assess your controls and processes, identify vulnerabilities, and provide comprehensive recommendations to strengthen your security posture. With our SOC compliance services, you can gain the trust of your clients and demonstrate your commitment to safeguarding their data.

SOC 1 Report

These reports are designed to cater to the requirements of companies utilizing service providers, as well as their financial auditors. By utilizing these reports, it becomes possible to assess the impact of the controls implemented at the service organization on the customers’ financial statements. User auditors leverage these reports to strategize and conduct audits of the customers’ financial statements. However, access to and utilization of these reports are limited to the management of the service organization, user entities, and user auditors.

SOC 2 Report

The purpose of these reports is to fulfill the requirements of diverse users seeking information and assurance regarding the controls implemented at a service organization, particularly those pertaining to security, confidentiality, or privacy of the data center’s system and information security. Various stakeholders, including vendor management, privacy officers, regulators, and other individuals knowledgeable about the service organization and its controls, may rely on these reports to gain insights. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

SOC 3 Report

The primary objective of these reports is to serve as effective marketing tools. They are specifically designed to cater to users who require assurance regarding the controls at a service provider but do not necessarily need the intricate details provided in an SOC 1 or SOC 2 Report.

Unlike SOC 1 and SOC 2 reports, which have restricted use, SOC 3 Reports allow the service provider organization to distribute a general-use report. This report serves as a valuable marketing tool, showcasing to current and potential customers that the service provider has implemented appropriate controls to mitigate risks associated with security, privacy, and other relevant areas.

How to Identify the SOC Report that is Right for You

Will the report be used by your customers to plan and perform an audit of your customer’s financial statements? Yes SOC 1 Report
Will the report be used by your customers as part of their compliance with the Sarbanes-Oxley? Yes SOC 1 Report
Will the report be used by your customers to gain confidence and place trust in a service organization’s systems? Yes SOC 1, SOC 2 and SOC 3 Report
Do you need to make the report generally available or seal? Yes SOC 3 Report
Do your customers have the need for and ability to understand the details of the processing and controls at a service organization, the tests performed by the service auditor and results of those tests? Yes SOC 2 Report
No SOC 3 Report

Our SOC Team

Principal & Director of Information Technology Consulting

Areas of Expertise:

  • SOC Engagements
  • Acumatica – The Cloud ERP
  • Sage 300 & Sage CRM
  • Third Party Applications for Acumatica and Sage 300
  • Information Systems Security Reviews
  • System Evaluation and Implementation/Project Management
  • QuickBooks

Jeffrey R. Sheets, CPA


Areas of Expertise:

  • Information Security Audits
  • PCI DSS Audit
  • Financial Systems
  • Hitrust

Lisa Katzen, CISA, PCI QSA


Areas of Expertise:

  • Information Security Audits
  • PCI DSS Audit
  • Information Security Program Development
  • Cloud Security
  • GDPR, NIST 800-53, ISO 27001, and Hitrust


Request Our Services