SOC 2 Compliance

Assurance for You, Confidence for Your Customers

What is a SOC 2 Report?

The System and Organization Control (SOC) 2 examination reports on one or any combination of the AICPA’s Trust Services Criteria including Security, Availability, Processing Integrity, Confidentiality, and Privacy. It demonstrates an organization’s commitment to its customer requirements and cybersecurity best practices.

Purpose and Use

The SOC 2 report is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization. The report can play an important role in oversight of the organization, vendor management programs, and internal corporate governance and risk management processes.

The report can be distributed to an organization’s stakeholders including user entities, CPAs providing services to such user entities, regulators, and business partners.

AICPA Trust Services Principles

Organizations have the ability to choose one or a combination of the five AICPA Trust Services Criteria depending upon their customer needs:

Security – The system is protected against unauthorized physical and logical access.
Availability – The system is available for operation and used as agreed upon.
Processing Integrity – System processing is complete, accurate, timely and authorized.
Confidentiality – Information designated as confidential is protected as agreed upon.
Privacy – Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.

Who Needs a SOC 2 Report?

Organizations that should consider a SOC 2 report include Cloud Service Providers (e.g., SaaS, IaaS, PaaS), enterprise systems housing third party data, IT systems management and data center colocation facilities. If you want to communicate your organization’s controls are properly designed, implemented and operating effectively, then the SOC 2 report may be right for you.

Benefits of a SOC 2 Report

Obtaining a SOC 2 report provides assurance to prospective and current clients that you have procedures and controls in place to provide reliable services, which will differentiate your organization during the sales process. Additional benefits include:

Increased trust and transparency with your internal and external stakeholders
Reduced cost of compliance and number of on-site audits
Helps ensure controls are appropriately designed and operating effectively to mitigate risks
Satisfaction of audit requirements

Types of SOC 2 Reports

Type 1 Report

The SOC 2 Type 1 Report (referred to as a point-in-time report), includes an opinion over the suitability of the design of controls at the service organization at a specific point in time. An initial type 1 report often serves as the starting point for subsequent type 2 reviews.

Type 2 Report

The SOC 2 Type 2 Report (referred to as a period of time report) includes an opinion over the suitability of the design of controls at the service organization and the operating effectiveness of the controls throughout a specified period of time. This type of report is often issued annually.

Our Proven Process

At BARR, we are committed to guiding you through every stage of your SOC 2 audit from kickoff to final deliverable and everything in between.

Phase 1

Connect

About us
About you
Solutions
Proposal

Readiness Period (optional)

Readiness Meeting #1

Meet the team
Confirm expectations
System Demo
Confirm Scope

Readiness Meeting #2

Key processes walkthrough
Threat model

Readiness Meeting #3

Debrief
Finalize scope
Prioritize remediation
Review controls

Readiness Meeting #4

Remediate issues prior to audit start period
Confirm controls

Phase 2

3-12 Month Engagement Cycle

Plan

60-120 days before period end

System description
Confirm team
Request information
Schedule assessment

Celebrate & Optimize

30 days after report issuance

Debrief
Rate engagement
Improve security
Next steps

Assess

Half day to one week

Client interviews
Validate evidence
Conclude

Report

30-45 days after period end

Draft report
Quality review
Client sign off
Issue report
Promotional package

For first-time SOC 2 audited companies, BARR is really helpful in preparation.

BARR Advisory ran a very efficient process that used my time in a very efficient way. I would recommend their services to everybody looking for an efficient SOC 2 certification process.

We felt very confident during our SOC 2 audit, knowing that BARR had the right competence and would help us along the way.

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.

Connect With BARR

Why BARR for SOC Reporting

BARR’s SOC clients report services lead to a 70% reduction in customer compliance questionnaires
SOC clients spend 75% less time spent on internal resources needed to pass audit
40% of BARR’s reports are delivered early

Proven practical, adaptive approach that simplifies SOC reporting processes
Team members serve on task forces responsible for developing SOC reporting standards
Competitive, fixed rates to accommodate growing enterprises