SOC Assessment Services
Demonstrate cybersecurity and financial controls
Validate your controls that protect sensitive data
Demonstrate your cybersecurity commitment
A System and Organization Controls report (SOC 1, SOC 2, or SOC 3) is a widely recognized examination that helps promote trust and confidence in your organization’s cybersecurity and financial controls. SOC reports conform to prescribed reporting standards issued by the American Institute of CPAs (AICPA). Coalfire Controls, an affiliate of Coalfire, is a fully licensed, accredited CPA firm with experienced cybersecurity professionals who can examine and report on your organization's controls that protect sensitive data.
SOC Assessment Services
Readiness Assessment
During a readiness assessment, we dive into the intricacies of SOC reporting and help you determine any gaps requiring remediation prior to pursuing your SOC report.
SOC 1 Report
A SOC 1 report focuses on controls and processes that could impact a company’s financial reporting. If your system or services impact your customer's financial statements or internal controls over financial reporting, a SOC 1 report may be right for your organization.
We conduct a formalized SOC 1 examination and report on the suitability of design and implementation of controls at a specific point in time.
SOC 2 Report
A SOC 2 report addresses a service organization’s system controls related to the AICPA Trust Service Categories (TSCs) of security, availability, processing integrity of a system, or the confidentiality or privacy of the information processed by that system. A SOC 2 report requires sample testing of several controls – such as HR functions, logical access, and change management – to ensure the controls in place were operating effectively during the examination period.
We conduct a formalized SOC examination and report on the suitability of design and operating effectiveness of controls over a period of time (typically at least six months).
SOC 3 Report
SOC 3 is a redacted SOC 2 Type 2 report that removes any proprietary and/or confidential information so it can be made publicly available. It is often utilized as marketing collateral.
SOC for Cybersecurity Reporting
The AICPA developed a cybersecurity risk management reporting framework that assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs. The framework is a key component of a new System and Organization Controls (SOC) for Cybersecurity engagement, through which we will help you report on an organization's enterprise-wide cybersecurity risk management program.
SOC for Supply Chain Reporting
SOC for Supply Chain is the most recent reporting option added to the AICPA’s Suite of SOC Services. This report is designed to provide relevant information to organizations up and down their supply chain and is specifically designed for all industries and stakeholders seeking to manage supply chain risks. We will help you communicate certain information about your supply chain risk management efforts and assess the effectiveness of system controls that mitigate those risks.
SOC Related Reporting Services
We can examine and report on the following SOC-related controls: Cloud Security Alliance Security Trust & Assurance Registry (CSA STAR) attestation, BSI C5 attestation, and Microsoft SSPA. For other subject matter, we can issue reports based on agreed-upon procedures under SSAE standards.
Combined Frameworks Reporting
Leveraging our 20+ years of experience, expertise across 75+ frameworks, and our compliance automation platform Compliance Essentials, we can couple your SOC report with other efforts to reduce audit fatigue and even provide a combined report (e.g., SOC and HIPAA or SOC and CSA STAR).
Build confidence with demonstrated cybersecurity and financial controls
People + Tech
Coalfire has over 20 years of cybersecurity and compliance assessment experience and expertise from delivering 3000 assessments annually.
500+ SOC reports delivered annually
75% of our SOC engagements are for major Cloud Service Providers.
People
Our qualified and dedicated team of SOC specialists ensures we provide the best guidance to handle the most complex scenarios. Coalfire is a participating member of the AICPA peer review program.
Platform
We can help you coordinate assessments across 75+ compliance frameworks using the Coalfire Compliance Essentials compliance automation platform.
Outcome
Enhance the success rate of SOC compliance by working with SOC experts and a platform to help you automate the compliance process.
Frequently asked questions
What is SOC Type 1?
A formalized SOC examination and report on the suitability of design and implementation of controls as of a point in time. This is a starting point for demonstrating controls.
What is SOC Type 2?
A formalized SOC examination and report on the suitability of design and operating effectiveness of controls over time (typically at least six months). SOC Type 2 reports are commonly required by customers to ensure entities maintain controls that support their security and trust requirements.
Can Coalfire help with advisory services and also attest my SOC program?
Independence must be maintained by your SOC auditor. For specific questions, please discuss this with your Coalfire engagement team.
What is a SOC for Cybersecurity?
This SOC report focuses on an entity’s cybersecurity risk management program and is meant for investors, boards of directors, and senior management.
What is a SOC for Supply Chain?
To help entities better assess and manage supply chain risk, this examination and SOC report provides an audited track record for customers, business partners, and other interested parties to show an entity’s commitment to these stakeholders.