SOC 2 and SOC 3 reports provide assurance to your customers that operational controls affecting their security, availability, processing integrity, confidentiality or privacy are in place. These reports build confidence in critical business processes and complement compliance objectives such as HIPAA and PCI.
The SOC 2 report attests to controls that affect operations and information security. A Type 1 reports on your controls as of a specified date in time. The report focuses on the suitability of the design of controls related to one or more of the following Trust Service Principles.
When performing a Type II examination, we test the operating effectiveness of your controls over a specified period of time. Our report includes the same content as a Type I report, but also includes an opinion on the operating effectiveness of the controls and a detailed description of our testing procedures and results.
This report is an abbreviated form of the SOC 2 assessment. A SOC 3 simply reports on the adequacy of your information system as it relates to the Trust Services Principles. It does not include an opinion on your description of your operational controls or the operating effectiveness of your controls. A SOC 3 can be shared freely and is frequently used as a marketing tool.
A SOC 2 report will provide your clients with the peace of mind that you have set up effectively designed control objectives and control activities around information systems. Additional benefits include:
Burke & Associates CPAs, LLP d/b/a Focal Point Data Risk Assurance (“Focal Point Assurance”) is a partner-owned, independent CPA firm licensed in Florida that performs audit, review and other attest services to clients in a variety of sectors. Focal Point Assurance operates in an alternative practice structure with Focal Point Data Risk, LLC, a professional services firm. Through separate and independent legal entities, Focal Point Assurance and Focal Point Data Risk, LLC work closely together to serve clients’ business needs. Focal Point Data Risk, LLC and its affiliated advisory companies are not licensed CPA firms. Focal Point Assurance and Focal Point Data Risk, LLC are member firms of Focal Point, an affiliation of separate and independent legal professional services firms. “Focal Point” is the brand name for the Focal Point network. Any services described herein are provided by Focal Point Assurance or Focal Point Data Risk, LLC (as the case may be) and not by any other member firm of Focal Point. No member firm of Focal Point has any liability for services provided by other member firms.