SOC Examination: Is there a SOC certification similar to an ISO 27001 certification?

June 15, 2015 Debbie Zaller

Is there a SOC certification similar to an ISO 27001 certification?

SOC reporting is not actually considered a certification. Because SOC reports are performed under AICPA attestation standards, they are considered attestation reports. An attestation report provides an opinion by an independent practitioner/auditor attesting to certain elements of a service organization’s control environment; which elements are covered depends on the SOC report or attestation standard. This differs from an ISO certification, which determines whether an organization’s information security management system (ISMS) conforms to the ISO 27001 standard.

About the Author

Debbie Zaller

Debbie Zaller is a Principal at Schellman & Company, LLC. Debbie leads the SOC 2 and SOC 3 service line and is also an AICPA SOC Specialist. Debbie has over 15 years of IT attestation experience and currently spearheads Schellman’s SOC 2 practice, where she is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee.
