What is a SOC 2 report? If you are a service provider who stores or accesses customer data, your customers may already be asking you for this. Under the guidelines of the AICPA, SOC 2 goes beyond a technical audit and ensures that your organization has established and follows strict information security policies and procedures, around the security, availability, processing, integrity, and/or confidentiality of your customers’ data.

 

There are two types of SOC 2 reports; Type 1 and Type 2.

 

A SOC 2 Type 1 examination is performed to show your customers the fairness of your system and the suitability of the design of your controls as of a specific date.

 

A SOC 2 Type 2 covers a period of time and reports on the fairness of presentation of your system and the suitability of the design and operating effectiveness of controls. The result is a restricted use report to be used only by customers and other third-parties familiar with your system.

Our experienced staff will walk you through the entire process from start to finish in order to achieve results that represent how you do business. The Mako Group can help through each step of the SOC 2 process, including:

• Performing a pre-assessment to identify areas needing improvement,

• Interpreting your customers’ needs to determine which reports to pursue,

• Performing the assessment, and

• Issue the final report through The Mako Group CPAs, PLLC.