Skip to main content

SOC 2 & 3 Examinations

SOC 2 and SOC 3 reports provide assurance to your customers that operational controls affecting their security, availability, processing integrity, confidentiality or privacy are in place. These reports build confidence in critical business processes and complement compliance objectives such as HIPAA and PCI.

Types of SOC 2 & 3 Reports

SOC 2, Type I

The SOC 2 report attests to controls that affect operations and information security.  A Type 1 reports on your controls as of a specified date in time.  The report focuses on the suitability of the design of controls related to one or more of the following Trust Service Principles.

  • Security: The system is protected against unauthorized use or access
  • Availability: The system is operating as designed
  • Processing Integrity: System processing is complete, accurate, timely and authorized
  • Confidentiality: Confidential information within the system is protected
  • Privacy: Personal information is collected, used, stored, disclosed and destroyed according to the organization’s privacy policy and the AICPA/CICA GAAP
SOC 2, Type II

When performing a Type II examination, we test the operating effectiveness of your controls over a specified period of time. Our report includes the same content as a Type I report, but also includes an opinion on the operating effectiveness of the controls and a detailed description of our testing procedures and results.


This report is an abbreviated form of the SOC 2 assessment. A SOC 3 simply reports on the adequacy of your information system as it relates to the Trust Services Principles. It does not include an opinion on your description of your operational controls or the operating effectiveness of your controls. A SOC 3 can be shared freely and is frequently used as a marketing tool.

Benefits of SOC 2 Reports

A SOC 2 report will provide your clients with the peace of mind that you have set up effectively designed control objectives and control activities around information systems. Additional benefits include:

  • Satisfy contractual requirements from your customers and reduce future audit requests
  • Provide clients with added confidence in the security of their information
  • Evaluate alignment with other frameworks, such as HIPAA
  • Generate positive publicity by announcing a successful SOC examination
  • Differentiate your organization from your competitors
  • Benchmark controls
  • Provide third-party assurance of effective controls to internal stakeholders


Burke & Associates CPAs, LLP d/b/a Focal Point Data Risk Assurance (“Focal Point Assurance”) is a partner-owned, independent CPA firm licensed in Florida that performs audit, review and other attest services to clients in a variety of sectors.  Focal Point Assurance operates in an alternative practice structure with Focal Point Data Risk, LLC, a professional services firm.  Through separate and independent legal entities, Focal Point Assurance and Focal Point Data Risk, LLC work closely together to serve clients’ business needs.  Focal Point Data Risk, LLC and its affiliated advisory companies are not licensed CPA firms.  Focal Point Assurance and Focal Point Data Risk, LLC are member firms of Focal Point, an affiliation of separate and independent legal professional services firms.  “Focal Point” is the brand name for the Focal Point network.  Any services described herein are provided by Focal Point Assurance or Focal Point Data Risk, LLC (as the case may be) and not by any other member firm of Focal Point.  No member firm of Focal Point has any liability for services provided by other member firms.


tweets by @FocalPointDR

Loading Tweets...