SOC 2 Report Services

SOC 2 reports focus on availability, security, processing integrity, confidentiality and privacy for organizations.

The SOC 2 report demonstrates the control environment over information security, providing service organization management, user entities, business partners, and other parties with information about controls at the service organization relevant to security, availability, processing integrity, confidentiality, or privacy to support users’ evaluations of their own systems of internal control. It is appropriate for companies whose customers desire assurance that their data is protected and they can rely upon your services.

These reports follow the AICPA’s Trust Services Criteria, which is a framework of high level objectives divided into five categories:

Security, Availability, Processing Integrity, Confidentiality, and Privacy

The categories included in a SOC 2 report are selected based on the relevance to the organization’s service commitments and system requirements to its users. While the criteria are prescriptive in SOC 2, the controls designed to meet those criteria are specific and unique to each organization.

Here’s how GBQ can help service organizations understand, prepare, and take action.

What is the SOC 2 Report?

The SOC 2 (Service Organization Control 2) report is an independent assessment that evaluates the effectiveness of a service organization’s controls. This report provides assurance to clients and stakeholders that the organization has established and maintained proper controls to safeguard their data and ensure the reliability of its services.

Here’s some information on how to read and understand a SOC report.

How to Prepare for Your First SOC Examination

Get Ready

During this initial step, GBQ will work with you to define the scope and boundaries of the system being audited. Our team will conduct interviews to guide management through the process of identifying and selecting relevant controls that meet the applicable trust services criteria. We will then assess if any control gaps need to be remediated and provide guidance in writing a system description (a key element of the SOC report!). This process is very hands-on and is where you will determine what services should be included in the SOC examination. This will also identify weak areas that would benefit from adding or modifying controls. The primary outcome of the readiness phase is your gap assessment, or list of specific action items that need to be addressed before starting your first SOC examination.

Remediation

Following the readiness assessment, time and effort are required to remediate any identified control gaps. Our team can be as involved in the process as you desire. At the very least, we prefer to check in with you regularly through this phase so we can provide you with guidance and input while you work through action items.

Type 1 Report

The SOC 2 Type 1 report is a full report including the independent auditor’s opinion, but it is performed as of a specific date and includes only the testing of the design and implementation of controls as of that date. This is the best place to start for first-time SOC candidates because it can be issued as soon as controls are identified to be implemented, much sooner than waiting for a Type 2 period to pass. The Type 1 examination is also a good “dry run” test of the organization’s ability to gather the needed documentation to support the auditing of controls before the specific results of those tests will be included in the report.

Type 2 Report

At least six months after your initial SOC 2 Type 1 report, and not more than 12 months after, a SOC 2 Type 2 report can be issued. The primary difference between the Type 2 and Type 1 engagement is that the operating effectiveness of the controls in place over a period of time are tested in a Type 2 engagement through sampling across the entire audit period, and the testing results are presented in the report.

Partner with GBQ

SOC 2 reports must be completed by an external auditor from a licensed CPA firm. Contact GBQ to get started and learn more about our services.

Empowering growth is only a conversation away. Let’s Connect.

Why GBQ?

Empowering growth is what we do, but our distinct personality is who we are and what makes us the place where people want to work and with whom clients want to do business.

Local Decision Making

Hands-on, collaborative approach within the local market

Bench Strength

Dedicated team with long-term experience in empowering growth

Technical Expertise

Entrepreneurial spirit with multi-national firm experience

Quality Service

Unmatched advice and strategies grounded in a fair fee

Get Started

GBQ has empowered me by changing as my business and personal needs have changed. At GBQ, I know all of my needs will be met.

Angela Petro

Founder, Owner, CEO, Together & Co. and Sweet Carrot

GBQ is not afraid to push us into directions that are outside traditional credit union space. Their level of expertise is comforting.

Dan Sutton

President/CEO, Kemba Credit Union

GBQ has grown to what is a major player in the central Ohio market. People respect them and feel that they can provide great services.

Chuck Gehring

President & CEO, LifeCare Alliance

My favorite thing about working with GBQ is that they have been able to help me grow as an individual. They really get involved and understand your business.

Billy Vickers

President & CEO, Modular Assembly Innovations

GBQ has our vested interest at heart as they serve us; that’s a differentiator. They understand our business and are invested in our success.

Mark Solomon

President & CEO, Primary Financial Company

GBQ has so many different areas of expertise that there is always someone I can turn to that can answer my question.

Misty Marcum

CFO, SEA Limited

GBQ has empowered our growth by helping us understand what we need to do to become firmly in the black.

Merry Korn

CEO, Pearl Interactive Network

When we sit and talk together, we can understand all of the content of the task on hand. That demonstrates a great partnership.

Hassan Saadat

Senior Vice President, Jefferson Industries Corporation

GBQ has empowered my growth by getting involved in the startup community and making sure we are taking the right steps.

Gary Ross

Founder & CEO, Med-Compliance IQ

We had been using one of the Big Four and ended up going with GBQ. They understand our business, have a great team, and give us great advice.

Jim Holloway

CEO & Treasurer, Contract Lumber

I view GBQ as an extension of our management. They are engaging and responsive and are great people to work with.

Phil Ryser

Executive Vice President, Stanley Steemer

What we love most about GBQ is their ability to listen to our concerns and not give us a box to fit into. There is no ceiling, no limitations.

Jim Smith

CEO, Elford

Specialized In Your Industry

Japanese Business Services

Based in Ohio, with a reach and an understanding that spans the globe.

Financial Services

Your industry is complex, but you remain committed to excellence. So do we.

Software and Technology

Connecting your business to success.

Health Care Providers

We have the cure for the challenges your industry faces.

Construction

You’ve built your business. We’ve built a solid practice to help support your growth.

Manufacturing & Distribution

Together, we can develop and deliver successful outcomes.

Real Estate

You deal in transactions, and we deal in the best interests of your business.

Nonprofit

You care about the community, and so do we.

Professional Services

GBQ understands professional services firms for one simple reason: we are one.

Retail

Don’t just count every sale. Make every sale count.

Transportation and Logistics

We help to get you from Point A to Point B

Government

Bringing unique experience to a unique industry

Empowering growth is only a conversation away. Let’s Connect.

Let’s Work Together

Hi, I'm Steve Boston.

As Director, Information Technology Services, I’ll be your first contact at GBQ.

(614) 947-5214

Submit RFP >