JPGates, CPA, LLC specializes in providing SOC 2 examination and reporting and SOC 2 pre-exam preparation services. As a small, nimble CPA firm with over 14 years of combined experience performing SOC 2 engagements, we can provide customized, leading-edge guidance and support – generally at a lower cost than what the larger firms charge. Our firm’s industry expert has extensive experience with small, medium and large companies performing SOC 2 audits and implementing and auditing controls under the ISO 27001 and Payment Card Industry Data Security Standard (PCI DSS) frameworks. This experience allows us to zero in on and address your specific needs with respect to information security controls, other controls and SOC 2 reporting. Additionally, our experience in complementary areas such as performing financial audits, implementing industry-standard systems of internal control, and providing consulting and tax services enables us to provide SOC 2 services that are uniquely suited to your entity without losing sight of the big picture. Please feel free to contact me for more information about the benefits of undergoing a SOC 2 examination and to set up a free initial consultation.
Benefits of SOC 2 Examinations
Many organizations (User Organizations) rely on other organizations (Service Organizations) to collect, process, transmit, store, organize, maintain, and dispose of information. However, the User Organizations remain responsible for their customers’ information, so User Organizations and their auditors frequently require Service Organizations to undergo SOC 2 engagements performed by an independent CPA. The SOC 2 engagement benefits the User and Service Organizations, auditors, and customers by providing a CPA’s objective evaluation of whether the Service Organization’s controls can meet the information and assurance needs of the User Organization. Benefits of a SOC 2 examination for a Service Organization include:
- Build the trust and confidence of customers, regulators, and auditors
- Obtain an objective evaluation from an independent CPA of your entity’s ability to meet information and assurance expectations
- Stand apart from competitors by demonstrating compliance with current standards related to information security, availability, processing integrity, confidentiality, or privacy
- Improve your customer service and enhance customer growth and satisfaction
- Support industry practice frameworks such as HIPAA, FISMA, and FedRAMP
JPGates, CPA, LLC Provides the Following Types of SOC 2 Related Services
SOC 2 Compliance Assessment and Tune-up – Is your company ready for a SOC 2 examination? We can perform a compliance assessment that includes comparing your current system of controls to applicable SOC 2 standards and providing you with our recommendations and an estimate of the cost of any desired additional services. If you decide that further design and implementation assistance is needed, the cost of our compliance assessment can be applied to the cost of the subsequent design and implementation engagement.
SOC 2 System of Internal Control Design and Implementation
- Compliance Assessment – To determine the nature and extent of assistance needed, we will perform a compliance assessment that includes comparing your current system of controls to applicable SOC 2 standards and recommend a strategy.
- Design and Implementation – We will assist you in designing controls to bring your organization in line with applicable SOC 2 standards. Once designed, the controls will be thoughtfully implemented so that they become part of the fabric of your processes and procedures. In addition to complying with SOC standards, well-designed and well-implemented controls should improve the quality of your customers’ experience.
- Documentation – Your system of controls needs to be documented. You can rely on our experience to efficiently document your current and/or updated controls.
- Follow-up Compliance Assessment – After the controls have been in place for an agreed-upon period of time, we can return for a compliance assessment to determine whether your controls have been properly implemented and maintained and whether they are working as intended.
SOC 2 Examinations and Resulting Reports (see Summary of SOC Reports below)
- SOC 2, Type I – A SOC 2, Type I engagement results in our independent and objective opinion of the fairness of your system description and on the suitability of the design of controls. The report is generally restricted to management and certain third parties such as auditors and regulators.
- SOC 2, Type II – A SOC 2, Type II engagement results in our independent and objective opinion of the fairness of your system description and on the suitability of the design of controls, as in a Type I report, plus our independent and objective opinion on the effectiveness of your controls over the examination period. The report is generally restricted to management and certain third parties such as auditors and regulators.
- SOC 3 – A SOC 3 report is a summary-level version of a SOC 2, Type II report that is easier to read and is generally not restricted to specific users. This report can be provided to potential customers, posted to your website, or used in other marketing activities.
More Information on SOC 2 Engagements
The following files are available for download:
- AICPA SOC flier for user organizations
- AICPA SOC presentation – Marketplace-driven change from SAS 70 to SOC