We are a cybersecurity compliance firm first, licensed CPA firm second.
With over 20 years of cybersecurity experience, the professionals at Lazarus Alliance are completely committed to you and your business’ SOC 1 and SOC 2 audit success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization.
Would you trust your IT guy with your taxes? Why would you trust a CPA alone with cybersecurity?
System and Organization Controls (SOC) reports enable companies to feel confident that service providers, or potential service providers, are operating in an ethical and compliant manner. No one likes to hear the word audit, but SOC reports establish credibility and trustworthiness for a service provider — a competitive advantage that’s worth both the time and monetary investment.
SOC audit reports utilize independent, third-party auditors like Lazarus Alliance to examine various aspects of a company, such as:
- Processing Integrity
- Controls over Financial Reporting
- Controls over Cybersecurity
Is the SOC 1 Audit Report right for you?
Also known as the SSAE 18, the SOC 1 report has a financial focus; it covers the service organization’s controls that are relevant to an audit of a user entity’s (customer’s) financial statements. Control objectives are related to both business process and information technology.
A SOC 1 – Type 1 audit report focuses on a description of a service organization’s controls and the suitability of how those controls are designed to achieve the control objectives as of specified dates. A SOC 1 Type 2 audit report contains the same opinions as a Type 1, but it adds an opinion on the operating effectiveness of the controls in achieving the related control objectives throughout a specified period. SOC 1 audit reports are restricted to the management of the service organization, user entities, and user auditors.
Is the SOC 2 Audit Report right for you?
The SOC 2 report is also connected to the SSAE 18 standard. It was created in part because of the rise of cloud computing and businesses outsourcing functions to service organizations. These businesses are called user entities in the SOC audit reports. Liability concerns have created a demand for assurance of the confidentiality and privacy of information processed by the system.
The SOC 2 report addresses a service organization’s controls that relate to operations and compliance, as outlined by the AICPA’s Trust Services criteria. Specifically, it reports on the criteria of availability, security, processing integrity, confidentiality and privacy. A service organization may choose a SOC 2 report that focuses on just security, or one that also adds any of the remaining four Trust Services principles, and may choose either a Type 1 or a Type 2 audit. A SOC 2 report includes a detailed description of the service auditor’s tests of controls and results. The use of this report is generally restricted.
Want to learn more?
What are the different types of SOC reports?
SOC reports are governed by the American Institute of Certified Public Accountants (AICPA) and focus on offering assurance that the controls service organizations put in place to protect their clients’ assets (data in most cases) are effective.
There are three primary types: SOC 1, SOC 2, and SOC 3.
The biggest difference between a SOC 1 vs. SOC 2 report is the focus of examination. A SOC 1 report focuses on outsourced services performed by service organizations which are relevant to a company’s (user entity) financial reporting.
A SOC 2 report is also an attestation report issued by an independent Certified Public Accounting (CPA) firm. It addresses the operational risks of outsourcing to third parties, outside of financial reporting. These reports are based on the Trust Services Criteria, which include up to five categories: security, availability, processing integrity, confidentiality and privacy.
A SOC 3 report (formerly known as a SysTrust or WebTrust) covers similar reporting areas as the SOC 2, but isn’t as comprehensive. It excludes certain details of the description and all the detailed results of control testing. Whereas use of a SOC 2 report is restricted, the benefit of a SOC 3 is that it is a general-use report, making it a great tool for marketing purposes.
Preparing for SOC 1 or SOC 2? Lazarus Alliance provides you with what you need to ensure that you achieve your SOC 1 or SOC 2 assessment goals. Our readiness assessments provide your organization with the technology, techniques and collaborative support of our experienced auditors.
Start working smarter, not harder today
The SOC audit professionals at Lazarus Alliance are completely committed to you and your business’ compliance success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization.