SOC 2
SERVICES

“For over a decade, I have called upon Sarbey, Lexow & Kaufman to assist us with a wide variety of projects including assisting with acquisitions, conducting internal audits of our various locations and performing financial statement audits of our subsidiaries.  In each case, their team has delivered with professionalism and technical expertise on par with that of the national firms, along with the personal attention of a smaller organization.”  

- Robert H. Lazar, Chief Financial Officer, EVI Industries, Inc.

WHAT ARE SOC 2 REPORTS?

SOC 2 SERVICES

“For over a decade, I have called upon Sarbey, Lexow & Kaufman to assist us with a wide variety of projects including assisting with acquisitions, conducting internal audits of our various locations and performing financial statement audits of our subsidiaries.  In each case, their team has delivered with professionalism and technical expertise on par with that of the national firms, along with the personal attention of a smaller organization.”  

- Robert H. Lazar, Chief Financial Officer, EVI Industries, Inc.

WHAT ARE SOC 2 REPORTS?

DOES MY ORGANIZATION NEED A SOC 2 REPORT?

If your organization relies on vendors to process or safeguard your sensitive data or you are a vendor responsible for keeping sensitive data safe, then a SOC 2 or SOC 3 engagement could be critical for helping your organization identify and mitigate risk.

A successfully completed SOC 2 examination can provide assurance and confidence to stakeholders that your internal controls are designed and operating effectively based on the selected trust services criteria.

If your organization is providing, or plans to provide, services to other large businesses, expect to receive requests for a controls report. Therefore, we recommend reviewing your organization’s business strategy to determine if a SOC report is an appropriate investment for your future client base or an initiative to differentiate your organization from your competition.

WHAT ARE THE DIFFERENT TYPES OF SOC 2 REPORTS?

Type 1: A Type I audit examines the controls used by service organizations to address any one or all five Trust Service Principles. The audit provides assurance that controls are designed effectively to meet the desired objectives at a point in time.

 Type 2: A Type 2 audit includes the same information as a Type I audit, but with the additional attestation that a service organization’s controls are tested for operating effectiveness over a period of time.