SOC 1, SOC 2 and SOC 3 Audits: We are ready when you are! Call +1 (888) 896-7580 today.

The professionals at Lazarus Alliance are completely committed to you and your business’ SSAE 16, SSAE 18, SOC 1 and AT-101 SOC 2 audit success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organizations.
Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned hoping to conceal their methodology and expertise. We don’t prescribe to that philosophy. We believe the best approach is transparent and built on a partnership developed on trust and credibility creating sustainability within your organization.

Just the facts ...

Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate SSAE 16, SSAE 18, SOC 1 and AT-101 SOC 2 audit compliance and information security excellence – in any jurisdiction.
Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law, SSAE 16, SSAE 18, SOC 1 and AT-101 SOC 2 audit compliance leadership solutions and is fully dedicated to global success in these disciplines. We can help your organization too! Our client’s come from all business sectors across the world.

SSAE 16, SSAE 18, SOC 1 and AT-101 SOC 2 Audit Assessment Overview

An SSAE 16, SSAE 18, SOC 1 and AT-101 SOC 2 audit shows your commitment to maintaining a sound control environment that protects your client’s data and confidential information.

A SOC report with Lazarus Alliance gives you compliance along with a recognizable third-party assurance report that is internationally recognized.

Not sure which report is right for your organization? Use the Quick Scoping Quiz on the right side of this page or read on!

SSAE 16 and 18 Reports (SOC 1 Report)

Achieve compliance and gain market share. Prevent or reduce redundant customer third party audits. Put an industry leader in your corner who understands your industry and the regulatory pressure you face.
Get SSAE 16 and SSAE 18 SOC 1 compliant through Lazarus Alliance's audit Cybervisors that will design a customized process to help your organization benchmark and compare internal controls against industry best practices.

Understanding the SSAE 16 and SSAE 18

The new SSAE 18 SOC 1 is an internationally recognized third-party assurance audit designed for service organizations that replaced the SSAE 16 and older SAS 70. Service organizations that impact their clients client financial reporting should consider an SSAE 16 or SSAE 18 to meet customer requirements.
The former SSAE 16 and new SSAE 18 SOC 1 provides service organizations benchmarks for comparing internal controls. Lazarus Alliance can help you work through the complexity and uncertainty and help you achieve compliance.

Serious Confidence

Give customers confidence that your service organization meets the highest global standards for internal controls. Differentiate your company from competitors. Eliminate additional customer audits and self-assessment questionnaires. Gain instant credibility, the potential to grow your market share, and the ability to independently assess controls.

AT 101 (SOC 2 Report)

Your company provides the best technology systems and now you can prove it. Assure security, availability, processing integrity, confidentiality and privacy. A SOC report with Lazarus Alliance gives you compliance along with a recognizable third-party assurance report.
Lazarus Alliance utilizes ITAM which brings you custom assessment frameworks and reporting tools so SOC 2 engagements which are completed efficiently, effectively and far more economically.
Our in-house Cybervisors who are experts drawing from years of experience across a plethora of industries will provide you with the most sophisticated level of service. Your success is our success.

Is a SOC 2 right for you?

Test your information systems against best practices and ensure that you have critical controls in place to provide security, confidentiality of stored information, processing integrity of transactions, system availability and privacy.

SOC 2 benefits the following industries:

  • Hosting providers
  • Production printing
  • Software as a Service (SaaS)
  • Application Service Providers (ASP)
  • Healthcare service providers
  • Government service providers
  • And more!
SOC 2 reporting criteria is identical to Trust Services SOC 3—but the difference is how the report is formatted. SOC 2 reports provide detail reporting and testing procedures for third parties to evaluate. Be sure to consider A SOC 1 (SSAE) report if your service potentially impacts one or more clients financial reporting activities.

SysTrust / WebTrust Audit (SOC 3 Report)

Earn stakeholders’ trust and drive sales. Achieve verification that your systems protect confidentiality and preserve data privacy. Assure customers that your systems process transactions accurately. SOC 3 compliance, including WebTrust and SysTrust, is specifically designed for companies seeking independent assurance related to information systems and e-commerce.
Security and compliance sells! WebTrust and SysTrust companies establish credibility and build consumer confidence. Those who complete a WebTrust and SysTrust attestation audit can market their systems with a seal signaling their commitment to excellence.

SOC 3 benefits the following industries:

  • Healthcare
  • Financial services
  • Payroll providers
  • Professional Employer Organizations (PEOs)
  • Collection companies
  • Data center and colocation services
  • Application Service Providers (ASPs)
  • Software as a Service (SaaS)
  • Third Party Administrators
  • Managed service providers
  • ACH processors
  • And more!

A Trusted Framework

The American Institute of CPAs (AICPA) and Canadian Institute of Chartered Accountants (CICA) established the foundation of the Trust Services Framework, which includes:
  • Security: The system is protected against unauthorized access, physical and logical.
  • Availability: The system is available for operation and use as committed or agreed.
  • Processing Integrity: System processing is complete, accurate, timely and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.

The Trust Evaluation Categories

Criteria is organized in four broad areas and evaluated in the categories of security, availability, processing integrity and confidentiality.
Criteria is organized in four broad areas and evaluated in the categories of security, availability, processing integrity and confidentiality.
The areas include:
  • Policies: The entity has defined and documented its policies relevant to the particular principle.
  • Communications: The entity has communicated its defined policies to responsible parties and authorized users of the system.
  • Procedures: The entity placed in operation procedures to achieve its objectives in accordance with its defined policies.
  • Monitoring: The entity monitors the system and takes action or maintain compliance with its defined policies.

What is the difference between a Type 1 or Type 2 report?

  • A Type 1 SOC report only covers the fair presentation and design of the controls as of a point in time.
  • A Type 2 SOC report covers a period of time and includes tests of operating effectiveness of controls.
  • The minimum time period for a SOC 1 Type 2 is six (6) months and the minimum time period for a SOC 2 Type 2 is three (3)months.
  • Generally users find Type 2 reports to be more meaningful.

Additional Guidance

Which SOC Report does your company need? Click the link to get your free reference guide: Download the AICPA explanation brochure.

If you are still not sure if you need a SOC 1, 2, 3 or all of them, A Lazarus Alliance Cybervisor will walk you through these reporting standards and advise on what your organization needs to stay compliant, competitive and cost-efficient.

We want to be your partner and audit assessor of choice! For additional information please contact us using the form to the right or calling +1 (888) 896-7580 today.