SOC 2 – Type I and II
SOC Reporting – When to Choose a SOC 2 Report
Whether your company is new to the SOC reporting process and in need of significant guidance or your company has been audited many times, PKM has skills and expertise to ensure an air-tight SOC report. Because our clients are typically required to demonstrate compliance with sophisticated IT frameworks and withstand high due diligence standards, we have experience working with companies that are under substantial scrutiny.
If you are new to the SOC reporting process, it is important to know the difference between the various types of attestation standards. A SOC 2 audit is based on the Trust Services Principles from the AICPA, which can include security, availability, confidentiality, processing integrity and privacy. These audits are not designed for entities that process financial transactions, but rather for businesses that are focused on providing managed security or co-location services as well as entities that hold significant third-party data but do not process financial transactions.
A Full Suite of SOC Reporting Services
There are some entities that require both a SOC 1 and SOC 2 report. Just like a SOC 1 report, a SOC 2 report also comes in two types – Type I and Type II. The main difference is that a Type I report is conducted as of a “point in time,” whereas a Type II report covers a “period of time.” A Type II report is the most common type.
At PKM, we have provided third-party examination (SOC Reporting and its predecessor SAS 70) services for over 20 years. We have built a team to serve companies that count their own clients as some of the largest financial service companies in the United States. The end result is a SOC report that provides confidence to the scrutinizing parties and ultimately helps our clients win more customers and drive growth.