SOC 2
SERVICES

"Sarbey, Lexow & Kaufman's objectivity, independence, and professionalism make them an invaluable part of the organization."

- Denise Dickins, PhD, CPA, CIA. Accounting Professor at East Carolina University

WHAT ARE SOC 2 REPORTS?

SOC 2 SERVICES

"Sarbey, Lexow & Kaufman's objectivity, independence, and professionalism make them an invaluable part of the organization."

- Denise Dickins, PhD, CPA, CIA. Accounting Professor at East Carolina University

WHAT ARE SOC 2 REPORTS?

DOES MY ORGANIZATION NEED A SOC 2 REPORT?

If your organization relies on vendors to process or safeguard your sensitive data or you are a vendor responsible for keeping sensitive data safe, then a SOC 2 or SOC 3 engagement could be critical for helping your organization identify and mitigate risk.

A successfully completed SOC 2 examination can provide assurance and confidence to stakeholders that your internal controls are designed and operating effectively based on the selected trust services criteria.

If your organization is providing, or plans to provide, services to other large businesses, expect to receive requests for a controls report. Therefore, we recommend reviewing your organization’s business strategy to determine if a SOC report is an appropriate investment for your future client base or an initiative to differentiate your organization from your competition.

WHAT ARE THE DIFFERENT TYPES OF SOC 2 REPORTS?

Type 1: A Type I audit examines the controls used by service organizations to address any one or all five Trust Service Principles. The audit provides assurance that controls are designed effectively to meet the desired objectives at a point in time.

 Type 2: A Type 2 audit includes the same information as a Type I audit, but with the additional attestation that a service organization’s controls are tested for operating effectiveness over a period of time.