SOC Examinations

Practice Leaders

SOC Examinations

SOC Examinations for Organizations of Any Size, in Any Industry, Delivered by Experienced, Highly-Credentialed and Nationally Recognized SOC Advisors

Whether your service organization is new to SOC examinations or you’re looking for a new provider, Frazier & Deeter’s experienced team of SOC practitioners can help. Our SOC team is led by the AICPA’s SOC School author and instructor, Shelby Nelson. Frazier & Deeter’s team is comprised of professionals with Advanced SOC, CISA, CISSP and CyberSOC certifications. All of our SOC partners are AICPA SOC Peer Review Specialists.

We provide service organizations the practical expertise you need and we utilize a customized approach that emphasizes knowledge transfer, communication and support. We take the time to educate potential and existing clients on SOC reporting and to explain SOC is not just a “check the box” exercise. From the beginning, we partner with you to understand your organization in order to determine the most appropriate SOC examination options to achieve your SOC reporting objectives.

FAQ

1. Do I need a SOC exam?
2. Do I need SOC readiness?

Going directly into an examination without a little pre-work to “get ready” for the SOC examination increases your organization’s risk of having control exceptions that would be required to be reported during an examination.
We help you evaluate your current internal control structure, identify controls and evidence in place in preparation for a SOC examination.
3. How long does a SOC examination take?
4. Could you help me if I've already completed a SOC Examination?

Our process starts with a complimentary review of your existing report from the SOC Peer Review specialist and AICPA SOC School author and instructor, Shelby Nelson or another FD SOC Peer Review specialist.
We will evaluate your current scope and communicate considerations for any changes that may be needed to the SOC examination to best suit your current and future SOC reporting objectives.
5. Could you provide SOC training for my organization or firm?

Our training is customized to suit your needs and provided by the AICPA SOC school author and instructor, Shelby Nelson. Whether you’re an internal audit team who supports your service organization’s SOC examination(s), or an advisory firm seeking ways to improve, streamline or start a SOC reporting practice, our team of seasoned professionals who possess SOC specific credentials are here to help. We take a customized approach to all SOC training based on the experience and knowledge level of your team to tailor learning that supports your objectives.

Understanding SOC Reporting Options

There are several examinations within the SOC suite of services. We are known for our ability to educate our clients, to help you understand which option is best for your organization. SOC examinations are not a requirement, outside of a contractual obligation, for a service organizations, but an elective SOC examination is a way to exemplify and demonstrate your service organization’s commitment to internal control to your customers.

Do you provide services that impact a line item on your customers' financial statements?
Is the security of your customers’ data important to you?

If your organization has committed to the security, availability, processing integrity, confidentiality, and/or privacy of your services, then a SOC 2 is a relevant examination.
The security category is the required category for all SOC 2 reports. The security category contains criteria that each service organization must consider and identify their controls in place to address that criteria. There is no checklist or required controls in the SOC 2 framework.
A SOC 3 is meant to be a general use report, can be posted on your website, but can only be issued after a SOC 2 – Type II examination has been completed. FD can guide you on the applicable categories and criteria that you should address in your SOC 2 examination, whether a SOC 3 would be beneficial and how it should be edited for public use, and assist you in evaluating the adequacy of controls in place at your organization to address the applicable criteria.
Do you need to demonstrate to your Board of Directors or others, your cybersecurity risk management?

The SOC for Cybersecurity provides AICPA guidance on how to report on a service organization’s cybersecurity risk management program. If you are already a SOC 2 reporter, there are potential efficiencies that can be leveraged. FD professionals with the Cybersecurity SOC certification will guide you through leveraging SOC 2 testing efficiencies and the process to generate a Cyber SOC report that can be provided to internal and external stakeholders.
Do you work with a supply chain?

Interested in getting started? Contact our nationally recognized SOC experts today!

Learn More:

Culture of Compliance | SOC Reports – Advantages & What to Expect

A SOC report can demonstrate to your clients and vendors a dedication to trust and security, but what does the process look like? Sabrina Serafin discusses the advantages and history of SOC reporting with Shelby Nelson, a SOC lecturer and…

Culture of Compliance | SOC 2 Update

SOC 2 experts of Frazier & Deeter’s own Process, Risk & Governance practice walk-through the reporting changes. Moderator – Sabrina Serafin | Partner & National Practice Leader Speakers – Gina Gondron | Partner Shelby Nelson | Director Culture of Compliance…

As risk evolves, so does SOC 2 reporting

Technological advances over the past 25 years have driven unimaginable conveniences, but our rapidly evolving technology has also increased the complexity of managing risk. As new risks emerge, the American Institute of Certified Public Accountants (AICPA) continues to adapt the…

1 2

Practice Leaders

Find Your Specialist

Contact Us

Find Your Specialist

Contact Us

Practice Leaders

Shelby Nelson

Gina Gondron

Mindy Milliet