Practice Leaders

Shelby Nelson

PRG Partner
404.573.4414
Atlanta, GA

shelby.nelson@frazierdeeter.com Download
Sabrina Serafin

PRG Partner
404.253.7482
Atlanta, GA

Sabrina.Serafin@frazierdeeter.com Download
Gina Gondron

PRG Partner
404.573.4054
Atlanta, GA

Gina.Gondron@frazierdeeter.com Download
Mindy Milliet

PRG Principal
615.416.6878
Nashville, TN

mindy.milliet@frazierdeeter.com

SOC Examinations

Delivered by Experienced, Credentialed and Nationally Recognized SOC Advisors for Organizations of Any Size and Any Industry

Whether your service organization is new to SOC examinations or is looking for a new provider, Frazier & Deeter’s experienced team of SOC practitioners can help. Our SOC team is lead by the AICPA’s SOC School author and instructor, Shelby Nelson and is comprised of professionals with Advanced SOC Certifications, CISA, CISSP and CyberSOC certifications. All of our SOC partners are AICPA SOC Peer Review Specialists.

We provide service organizations the practical expertise you need and provide a customized approach that emphasizes knowledge transfer, communication and support. We take the time to educate potential and existing clients on SOC reporting, and explain SOC is not just a check the box exercise. From the beginning, we partner with you to understand your organization to determine the most appropriate SOC examination options for your service organization to achieve your SOC reporting objectives.

FAQ

1. Do I need a SOC exam?
2. Do I need SOC readiness?

Going directly into an examination without a little pre-work to “get ready” for the SOC examination increases your organization’s risk of having control exceptions that would be required to be reported during an examination.
We help you evaluate your current internal control structure, identify controls and evidence in place in preparation for a SOC examination.
3. How long does a SOC examination take?
4. Could you help me if I've already completed a SOC Examination?

Our process starts with a complimentary review of your existing report from the SOC Peer Review specialist and AICPA SOC School author and instructor, Shelby Nelson or another FD SOC Peer Review specialist.
We will evaluate your current scope and communicate considerations for any changes that may be needed to the SOC examination to best suit your current and future SOC reporting objectives.
5. Could you provide SOC training for my organization or firm?

Our training is customized to suit your needs and provided by the AICPA SOC school author and instructor, Shelby Nelson. Whether you’re an internal audit team who supports your service organization’s SOC examination(s), or an advisory firm seeking ways to improve, streamline or start a SOC reporting practice, our team of seasoned and possess SOC specific credentials are here to help. We take a customized approach to all SOC training based on the experience and knowledge level of your team to tailor learning that supports your objectives.

Understanding SOC Reporting Options

There are several examinations within the SOC suite of services. We are known for our ability to educate our clients, and help you understand which option is best for your organization. SOC examinations are not a requirement, outside of a contractual obligation, for a service organizations. An elective SOC examination is a way to exemplify and demonstrate your service organization’s commitment to internal control to your customers.

Do you provide services that impact a line item on your customers' financial statements?
Is the security of your customers’ data important to you?

If your organization has committed to the security, availability, processing integrity, confidentiality, and/or privacy of your services, then a SOC 2 is a relevant examination.
The security category is the required category for all SOC 2 reports. The security category contains criteria that each service organization must consider and identify their controls in place to address that criteria. There is no checklist or required controls in the SOC 2 framework.
A SOC 3 is meant to be a general use report, can be posted on your website, but can only be issued after a SOC 2 – Type II examination has been completed. FD can guide you on the applicable categories and criteria that you should address in your SOC 2 examination, whether a SOC 3 would be beneficial and how it should be edited for public use, and assist you in evaluating the adequacy of controls in place at your organization to address the applicable criteria.
Do you need to demonstrate to your Board of Directors or others, your cybersecurity risk management?

The SOC for Cybersecurity provides AICPA guidance on how to report on a service organization’s cybersecurity risk management program. If you are already a SOC 2 reporter, there are potential efficiencies that can be leveraged. FD professionals with the Cybersecurity SOC certification will guide you through leveraging SOC 2 testing efficiencies and the process to generate a Cyber SOC report that can be provided to internal and external stakeholders.
Do you work with a supply chain?

Interested in getting started? Contact our nationally recognized SOC experts today!

Learn More:

Culture of Compliance | SOC Reports – Advantages & What to Expect

A SOC report can demonstrate to your clients and vendors a dedication to trust and security, but what does the process look like? Sabrina Serafin discusses the advantages and history of SOC reporting with Shelby Nelson, a SOC lecturer and…

Culture of Compliance | SOC 2 Update

SOC 2 experts of Frazier & Deeter’s own Process, Risk & Governance practice walk-through the reporting changes. Moderator – Sabrina Serafin | Partner & National Practice Leader Speakers – Gina Gondron | Partner Shelby Nelson | Director Culture of Compliance…

As risk evolves, so does SOC 2 reporting

Technological advances over the past 25 years have driven unimaginable conveniences, but our rapidly evolving technology has also increased the complexity of managing risk. As new risks emerge, the American Institute of Certified Public Accountants (AICPA) continues to adapt the…

1 2

Practice Leaders

Shelby Nelson

PRG Partner
404.573.4414
Atlanta, GA

shelby.nelson@frazierdeeter.com Download
Sabrina Serafin

PRG Partner
404.253.7482
Atlanta, GA

Sabrina.Serafin@frazierdeeter.com Download
Gina Gondron

PRG Partner
404.573.4054
Atlanta, GA

Gina.Gondron@frazierdeeter.com Download
Mindy Milliet

PRG Principal
615.416.6878
Nashville, TN

mindy.milliet@frazierdeeter.com

Privacy Overview

When you use or access the Site, we use cookies, device identifiers, and similar technologies such as pixels, web beacons, and local storage to collect information about how you use the Site. We process the information collected through such technologies, which may include Personal Information, to help operate certain features of the Site (e.g., to prevent online poll participants from voting more than once), to enhance your experience through personalization, and to help us better understand the features of the Site that you and other users are most interested in.

You can enable or disable our use of cookies per category.

Necessary

Always Enabled

Functionality

Performance

Tracking or Targeting