For information on other SOC services, see SOC Readiness and SOC 1 pages.

SOC 2 / 3

We work with and help service organizations create reports on internal controls for the services they provide. Service Organization Control (SOC) reports provide a consistent framework to report these controls. As a CPA firm with deep experience performing SOC reporting audits, we are prepared to assist with issuing SOC 2 and SOC 3 reports:

  • SOC 2

    SOC 2 reports are intended to meet the needs of a broad range of users that need information and assurance about the controls at a service organization that affect the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

    o Enterprise sales enablement
    o Vendor management programs
    o Internal corporate governance and risk management processes
    o Regulatory oversight

    All SOC reports can be issued as a Type I or a Type II report. Typically, organizations undergoing their initial SOC report will perform a readiness assessment, followed by a Type I report, and then a Type II report annually thereafter:

    • Type I

      Provides independent third-party verification by a licensed CPA firm as to whether internal controls described by a service organization are suitably designed to meet specified control objectives, and expresses an opinion by the CPA firm as to the design of the controls at a point in time. A Type I report does not give assurance over a period of time, and is typically utilized for first-time issuers, as a precursor to a Type II report.

    • Type II

      A Type II report provides independent third-party verification by a licensed CPA firm as to whether internal controls described by a service organization are suitably designed to meet specified control objectives, and expresses an opinion by the CPA firm as to the design and operating effectiveness of the controls over a period of time, typically twelve months in duration. A Type II audit is performed annually, and the corresponding report issued. This is what is expected by customers and their auditors, as the procedures are sufficient to replace the work they would otherwise have had to perform.

  • SOC2+HITRUST

    Health Information Trust Alliance (HITRUST) is a framework that is intended to be used by any and all organizations that create, access, store or exchange protected health information (PHI). The HITRUST framework can be combined with the SOC 2 framework to make one single report. By doing this your business benefits in many ways:

    • Leverage the HITRUST CSF controls in SOC 2 engagements

    • Realize significant time efficiencies and cost savings through synergies between the HITRUST CSF controls and Trust Services Principles and Criteria

    • Reduce the inefficiencies and costs associated with multiple reporting requirements

    • Increase transparency and communicate to stakeholders through a single deliverable

    • Service organizations’ controls can be considered both from the SOC 2 criteria and HITRUST CSF

  • SOC 3

    Formerly WebTrust and SysTrust reports. Publicly displayable reports built on the same foundation of Trust Services Principles and Criteria.

Bryan Schader

CISSP, CISA

Information Assurance and Security Lead

Bryan started with Cadence in 2016, and leads the Bay Area office. Bryan has spent his career working with technology companies of various sizes providing a variety of IT security and control compliance services including: SOC (Service Organization Control) reporting, ISO 27001 assessments, Internal Audit, External Audit and Risk Assessments. Bryan is a CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor).

bryan@thecadencegroup.com

408.952.9043
