SOC Process

SOC* Reporting Process

Our assessment professionals have conducted 2,500+ SOC* evaluations throughout the U.S. & Canada. We can help your organization complete your assessment on time and on budget.

Trusted SOC* Assessor

Your Partner for SOC* Compliance

A SOC engagement doesn’t have to be a large task when you work with the right partner. We have the industry expertise best positioned to help you navigate through the SOC process.

We pride ourselves on going above and beyond to provide the added value and personalized attention to our services and deliver reports in an efficient, professional and quality product while providing the value-added business process and operational recommendations to improve the control environment currently in place.

SOC Process

Speak to a SOC* Specialist

By proceeding, you are agreeing to the terms and conditions in the Auditwerx Privacy Policy.

Efficient SOC* Readiness Process

Are you new to the SOC reporting process? Security compliance and requirements might seem overwhelming, but not when you have the right partner to guide you through. Our experienced team, combined with our unique “hands on” preparation method, limits guesswork and helps you to quickly prepare for a successful SOC assessment.

auditwerx bee headphone icon

What to Expect During Your SOC* Assessment

Every assessment we perform is completed with your end goals in mind. Our communication protocols provide for frequent contact with you throughout the engagement period in order to facilitate delivery on your expected timeline.

Quality Control Review

Experienced partners and professional staff of our firm conduct quality control reviews of our assessments. Our partners’ work is reviewed annually, and the inspection process includes periodic testing of the effectiveness of our quality controls and a continuous improvement program. This risk-based annual inspection is intended to mimic the triennial peer review described in the following paragraph and are performed on completed engagements.

In addition to this inspection, we perform in-process, “pre-issuance” reviews of partners’ work that are chosen for using a risk-based selection process; these reviews are performed by our corporate quality control team. The combination of the in-process and completed engagements is part of our continuous improvement processes.

How Much Will Your SOC* Assessment Cost?

When it comes to compliance certification, service organizations can often find it difficult to balance customer requirements and ROI.

Our goal is to deliver the efficient compliance assessments you need, at a price that makes sense for your business.

Once we have discussed your needs and current environment, there are several factors that impact our cost estimate:

Fixed-Fee Firm

Unlike most firms, Auditwerx is a true fixed fee firm. Our goal is to provide a service that will not only improve your operations, but also, result in a significant ROI.

Scope Expansion

Very few of our clients experience amendments. When necessary, they are usually the result of a scope expansion.

Flexible Structure

Our experienced team understands what your organization needs from a SOC report, and our low overhead ensures that our pricing is based on your need.

SOC Process

We engaged Auditwerx for a SOC 2®* assessment of our fast-growing cloud-based security service. The assessment itself was thorough, but non-disruptive.  The team was highly professional and very knowledgeable. We recommend Auditwerx’s SOC 2® services without reservation.

Virtual Assessment Capabilities

Our virtual assessment process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our assessment engagement virtually and in real time. This is neither a “remote assessment” nor a “desk review,” both of which often involve electronic file transfers and little interaction with management. Instead, the virtual assessment includes dialogue with process owners virtually, captures and shares information electronically, and integrates technology seamlessly. We also offer the possibility of performing a hybrid assessment, whereby we reduce our on-site presence by supplementing it with virtual resources.

Our goal is to provide you with the same high-quality assessment services through more focused planning, with reduced distraction, and at a more cost-effective price point. Our virtual assessment process provides you with more access to our specialists involved in your evaluation – regardless of your location.

Increase Time Efficiency

Reduce Travel Costs

Enhance Specialist Interaction

Minimize Training Needs

Ease Evidence Gathering Burden

Engagement Management Platform

Auditwerx utilizes a web-based, third-party, Engagement Management Platform (EMP). This solution acts as a secure portal that provides project completion and deadline driven status of the requests needed to complete the testing. This tool provides great clarity to clients in where the process is and what items are outstanding. The portal is inter-active and provides a messaging center and restriction of access to specific requests to authorized users.

This intuitive solution standardizes the information collection process, enhances client experiences while securely exchanging the necessary information and automatically managing workflow. Our proven process increases efficiencies, in a secure platform that enhances the client experience.

SOC* Compliance FAQ

(Click for More Details)

There is a lot of information about SOC* reporting floating around on the internet. New software tools are popping up every day claiming to save you time and money when it comes to your security compliance assessment. Our detailed FAQ will help breakdown the myths so that you can feel confident in your SOC* assessment.

A SOC report is conducted by a third-party assessor and is intended to provide your clients with assurance regarding your company’s cybersecurity practices. This kind of report shows that your company follows best practices when it comes to finances, security, processing integrity, privacy and service availability. It is an easy way to provide a comprehensive overview of your business’ in-scope systems (the systems connected to the pertinent business functions) through a consistent and recognized framework.  

A “Type 1” report analyzes management’s description of a service organization’s system and the suitability of the design of controls related to the applicable trust services criteria description as of a specified date.  

A “Type 2” report analyzes management’s description of a service organization’s system and the suitability of the design and operating effectiveness of the controls related to the applicable trust services criteria throughout a specified period. This type of report offers assurance to your clients on how your systems are used day-to-day. It usually offers a greater level of trust to your clients because they have more visibility into the way your systems are set up.

SOC assessments must be performed by an assessor like Auditwerx. Even if other automated software tools claim to save you time or money, that may not necessarily be true if they cannot finalize your report. As the SOC assessor that would have to sign off on the report, we would still need to complete the reporting process with you to ensure that all appropriate requirements are met. This could require additional time, money, and headaches that could have been avoided in the first place. 

A SOC* readiness assessment is your best preparation for a SOC* assessment. Our experienced assessment team works to quickly complete your gap assessment in a timely manner, based on your organization’s unique needs. This will identify any gaps in your compliance controls or processes and allow you to remediate them before they impact your final report.

When it comes to compliance, service organizations can often find it difficult to balance customer requirements and ROI.

Our goal is to deliver the efficient compliance assessments you need, at a price that makes sense for your business. Once we have discussed your needs and current environment, there are several factors that impact our cost estimate:

  1. Unlike most firms, Auditwerx is a true fixed fee firm. Our goal is to provide a service that will not only improve your operations, but also, result in a significant ROI.
  2. Very few of our clients experience amendments. When necessary, they are usually the result of a scope expansion.
  3. Our experienced assessors understand what your organization needs from a SOC report, and our low overhead ensures that our pricing is based on your need.
  1.  Your Clients Expect It – Your clients expect you to provide them with an independent
    opinion about your policies, procedures, and controls in the areas of IT, data security, and transaction processing.
  2. Your Systems Need It – While customers value the assurance that a SOC report provides, businesses that undertake a SOC engagement gain valuable insights into their controls’ strengths and weaknesses. These independent third-party reviews are based
    on an objective set of standards to help executives identify systemic problems.
  3. Your Competitors Could Beat You to It – In a competitive market, you can’t afford to cede an advantage to your competition. Even if your business hasn’t encountered a client that requires you to provide a SOC report yet, you are may either be losing ground to competitors who already offer them or failing to press an advantage over competitors who don’t.
  4. Your Industry Demands It – SOC reports deliver a wealth of information about your business to clients, prospects, competitors, and regulators. Not only do they provide evidence of compliance with AICPA
    standards, but they also offer a map to federal standards like NIST and HIPAA. With so much of today’s business transacted electronically, leadership in any sector will require a commitment to rigorous controls.

DISCOVER: What Kind of SOC Report Do You Need?

Our handy guide, “Adding it Up: What Type of SOC Report Do I Need?” is a great starting point to determine what kind of SOC report best fits your company’s business and compliance needs.

When you’re ready to speak with an experienced team about your reporting needs, Auditwerx will be here for you.

Get My Free Download

By proceeding, you are agreeing to the terms and conditions in the Auditwerx Privacy Policy.

Expand Your Knowledge

We use cookies to ensure the best experience. By accessing our site, you agree to our cookie policy.