SOC 2 Compliance Examinations

In providing a detailed overview of your organization’s control infrastructure, a SOC 2 examination will evaluate how you achieve your service commitments or promises related to security, service availability, data processing, confidentiality, and/or privacy—a process that Schellman makes easy.

What is SOC 2?

First introduced in 2009, SOC 2 was developed by the American Institute of Certified Public Accountants (AICPA) as a set of requirements for internal controls to achieve service commitments based on trust services criteria contained within five categories—security, availability, confidentiality, processing integrity, and privacy—that are selected to suit your organization’s service commitments.

The Importance of SOC 2 Examinations

During a SOC 2 examination, an independent third-party service auditor like Schellman would assess your internal controls and business processes against your applicable and chosen SOC 2 trust services criteria before providing a report you can share with customers and other stakeholders to reassure them that their data is safe with you.

The Benefits of SOC 2 Compliance

Investing in a SOC 2 examination can benefit your organization in multiple ways:

SOC 2 Examination: Type 1 vs Type 2

When having a SOC 2 examination performed, you’ll need to decide if you need a Type 1 or Type 2 report, as there are key differences in what—and when—they evaluate. While both Type 1 and Type 2 reports can be valuable tools for any organization that handles sensitive customer data, which type you choose will depend on your specific needs and goals, and Schellman will work with you to help you determine which report best suits your business and compliance objectives.

Type 1 SOC 2 Report

Useful for organizations that want to demonstrate their commitment to data security to stakeholders and customers, a SOC 2 Type 1 report evaluates how well-designed and implemented your controls and processes are at a specific point in time. 

Type 2 SOC 2 Report

On the other hand, a SOC 2 Type 2 report is an evaluation over a period of time—typically six months or more. During the examination, your auditor will assess how well-designed and implemented your controls are, as well as whether they’re operating effectively in meeting your chosen trust services criteria categories. 

What to expect for your SOC Examination

We begin each project with your end goals in mind while laying the groundwork for future key project activities. Effective communication and timely coordination of project planning activities are central to our methodology.

Phase 1: Planning and Preparation

The most important step in any SOC 2 examination, this stage will ensure your controls and evidence align with the agreed-upon terms and expectations set by your customers, as you and your auditors will work together to determine timelines, scope, and deliverables, among other items necessary to proceed with the examination.

Phase 2: Evidence Request & Collection

The kickoff is considered the start of the engagement. If needed, Schellman will schedule a call at the beginning of, or just prior to, the kickoff to finalize any outstanding items. Schellman will be available to answer any questions the client has.

By communicating before the engagement starts, Schellman ensures that no last-minute changes to the project or team have occurred and that the client has the plan prior to the testing and on-site visit.

Phase 3: Testing

After you’ve submitted the requested evidence, your auditors will perform process walkthroughs and interviews in combination with their evidence reviews and inspections—that includes any necessary follow-up conversations with evidence owners as well as cataloguing and documenting the test results.

Phase 4: Reporting

Once testing is complete, your auditors will assemble a draft report containing the test results and other required process narratives and provide it to you for review. Once you approve the contents, it will be finalized for your distribution to customers and other stakeholders.

SOC 2 Jumpstart Guide

In this definitive guide to tailoring your SOC 2 examination, we’ve divided the decisions you’ll need to make into four sections that will progressively customize all the options you have into just the ones you need.

Read this and not only will you have a greater knowledge base on the particulars of SOC 2 internally, but you’ll be able to save time in sales calls, knowing exactly what you want from your auditor, and thereby get started quicker.

Your SOC 2 Specialist,
Gary Nelson

Gary Nelson is a Principal at Schellman. Gary currently leads Schellman’s SOC 2 practice and is one of the most experienced service auditors in the United States.

Frequently Asked Questions

Have a question? See a list of commonly asked questions below. If you still can't find an answer, contact us!

How Much Does a SOC 2 Audit Cost?

How Long Does a SOC Examination Take?

What is Included in a SOC 2 Report?

How Often Should I Get a SOC 2 Examination?

Contact Us

Fill out this form to talk with one of our specialists. We'll be in touch soon to continue the conversation and help you find what you're looking for.