Whether your company is new to the SOC audit process and in need of significant guidance, or has been audited many times, PKM has the right mix of experience and expertise you need. Because our clients are typically required to demonstrate compliance with sophisticated IT frameworks and withstand high due diligence standards, we have the experience of working with companies that are under substantial scrutiny from their users. The end result is a report that provides confidence to the scrutinizing parties and ultimately helps our clients to win more customers and drive growth.
If you are in fact new to the process, it is important to know the difference between the various types of reports. A SOC 2 audit is based on the Trust Principles from the AICPA, which could include security, availability, confidentiality, processing integrity and privacy. These audits are not designed for entities that process financial transactions but rather for businesses that are focused on providing managed security services or co-location services, as well as entities that hold significant third-party data but do not process financial transactions. There are some entities that require both a SOC 1 and SOC 2 report.
Just like a SOC 1, a SOC 2 report also comes in two types – Type I and Type II. The main difference is that Type I reports are conducted as of a “point in time,” whereas Type II reports cover a “period of time” and are the most common type that users typically ask for.
At PKM, we have provided third-party service provider examination (SOC and its predecessor SAS 70) services since 1997. We have built a team to serve companies that count their clients as some of the largest financial service companies in the United States.
Our goal is to add value to your business by reducing risk and increasing long-term value – it’s something we do every day.
For more information or to schedule a consultation, please contact Terry Ammons or call 404.420.5679.