SOC 2

A SOC 2 report provides your customers with assurance that your organization has operational controls in place to protect their security, availability, processing integrity, confidentiality, and privacy.
SOC 2

What is a SOC 2 Report?

SOC 2 reports are designed to provide detailed information and assurance attesting that the controls at your organization are consistent with one or more of the 5 Trust Service Criteria established by the AICPA: Security, Availability, Processing Integrity, Confidentiality, and Privacy. A successful SOC 2 examination can help you quickly satisfy contractual obligations and reduce audit requests, streamline vendor questionnaire processes, and separate you from your competitors.

Contact Us

Our SOC 2 Services

Focal Point’s diverse team of seasoned CPAs and privacy, security, and compliance specialists can help you align your control environment with the AICPA Trust Services Principles.

SOC 2 Readiness

A SOC 2 attestation carefully examines your controls against the AICPA’s Trust Services Criteria, which aligns with a number of key security and privacy frameworks and regulations, so preparation is critical.

Get in Touch

SOC 2 Examinations

Ready for your 2019 examination? So are we. The experience and unique expertise of our team allows us to streamline your examination, so we can deliver an insightful report quickly and efficiently.

Get in Touch

SOC 2 + HITRUST

As regulations like the GDPR and CCPA arise, audit requests become a bigger burden. To help you streamline these efforts, we can pair your SOC 2 examination with a HITRUST CSF assessment, using guidance from the AICPA and HITRUST. 

Get in Touch

SOC 3 Report

A SOC 3 report is simply an abbreviated version of a SOC 2 report and can be shared freely. Focal Point can provide a SOC 3 report along with your SOC 2 attestation to help you to generate positive publicity around a successful examination.

Get in Touch
SOC 1 or 2?

Type 1 or Type 2?

SOC 2 examinations are split into two distinct report types: Type 1 and Type 2. A Type 1 report assesses the description of your system, as well as the suitability of your control design as of a specific point in time. A Type 2 report tests the operating effectiveness of your controls to determine if they are supporting your control objectives over a period of time. While the two are very similar, a Type 2 report also includes an opinion on the effectiveness of your controls and a detailed description of our testing procedures and results.

Contact Us
Have a question?

Contact Us

Focal Point is excited to take on your biggest data risk challenges. If you'd like to speak to a Focal Point expert or inquire about our services, please fill out the following form.

Featured Insights

Considering a SOC Report for the first time? Looking for more value from your SOC provider? Our experts can guide you along the path, beginning with the resources below.
SOC Report Blog Post
Blog

Which SOC Report is Right for you?

There are a number of different SOC reports, and determining which one your organization needs for a specific purpose can be a challenge. In this post, we’ll look at a brief history of SOC reports as well...
Learn More
SOC for Cybersecurity Blog
Blog

A Closer Look at the AICPA’S SOC for Cybersecurity

A successful SOC for Cybersecurity examination can be shared with executive leadership, potential clients, and other stakeholders to demonstrate the effectiveness of your cybersecurity program. Delivered by an...
Learn More
Third Party Risk Management Blog
Blog

Top Trends in Third-Party Risk Management

Roughly 61% of U.S. companies have experienced a data breach caused by a third party. To address this risk, many organizations are changing their approaches to third-party risk management...
Learn More

Burke & Associates CPAs, LLP d/b/a Focal Point Data Risk Assurance (“Focal Point Assurance”) is a partner-owned, independent CPA firm licensed in Florida that performs audit, review and other attest services to clients in a variety of sectors.  Focal Point Assurance operates in an alternative practice structure with Focal Point Data Risk, LLC, a professional services firm.  Through separate and independent legal entities, Focal Point Assurance and Focal Point Data Risk, LLC work closely together to serve clients’ business needs.  Focal Point Data Risk, LLC and its affiliated advisory companies are not licensed CPA firms.  Focal Point Assurance and Focal Point Data Risk, LLC are member firms of Focal Point, an affiliation of separate and independent legal professional services firms.  “Focal Point” is the brand name for the Focal Point network.  Any services described herein are provided by Focal Point Assurance or Focal Point Data Risk, LLC (as the case may be) and not by any other member firm of Focal Point.  No member firm of Focal Point has any liability for services provided by other member firms.