Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

SOC Examinations & Attestations

Build trust and confidence with your customers and their auditors with an independent SOC 1, SOC 2, or SOC 3 examination.

Build Your Compliance Roadmap Contact a Specialist

Watch: The Various Types of SOC Reports

Schellman & Company is a fully licensed, accredited CPA firm and affiliate of Schellman that helps organizations examine and report on controls, allowing you to better respond to and meet the expectations of user entities.

A variety of assessments to meet your needs

Our team of specialists can provide any of the following to complete your SOC Examinations.

  • Readiness Assessment Schellman performs readiness assessments that enable your organization to assess your current control environment against the requisite control objectives or criteria. Our purpose is to provide clients with actionable intelligence about their preparedness and overall readiness to promote successful examinations.
  • Type 1 Report Schellman performs “Type 1” SOC examinations when management requires a report on the service organization’s operational controls pertaining to the suitability of the design of controls intended to meet control objectives or criteria identified as of a point in time.
  • Type 2 Report Schellman performs “Type 2” SOC examinations when management requires a report on the service organization’s operational controls pertaining to the suitability of the design and operating effectiveness of controls intended to meet the control objectives or criteria identified over a specific period of time.

Frequently Asked Questions

Do service organizations define the control objectives?

User Organizations: Why does my customer want me to get a SOC report?

What is the minimum duration of the reporting period?

Can a SOC report fulfill multiple customer requests?

What are the key benefits of a SOC report?

The difference between Type 1 and Type 2 SOC reports?

When referring to SSAE16 or SOC 1, what is the difference and how do you use these acronyms appropriately?

What is a SOC 2 examination? How is it different than a SOC 1 examination?

Private company: Is a SOC report applicable?

Can a SOC 1 be leveraged for a SOC 2?

Is there a SOC certification similar to an ISO 27001 certification?

Can you provide a quick overview on what a SOC 2 examination is and the difference between a Type 1 and Type 2 report?

Can I include multiple subservice organizations within my SOC 1?

Can I have disaster recovery controls within my SOC 1 test of controls matrix?

Is it important to have formally documented policies and procedures?

Can I share my SOC 1 with a prospect while we are going through an RFP process?

What if I don't want any IT General Controls in my SOC report?

Security checkpoints in your SDLC?

When does a U.S. service organization need an ISAE 3402 report?

What our clients are saying

Working with some of the best organizations in the world, honest feedback is essential. We survey our clients after every engagement, and here is what some of them had to say:

Image
Quote
After working with this team on several engagements, I am always impressed with their level of flexibility and willingness to work through the assessments. The teams are easy to work with and are always available to provide guidance and education when needed."

PCI DSS Validation | Managed Service Provider

Image
Quote
As someone who has interacted with various audit organizations such as PwC, KPMG, EY, etc., the team at Schellman is always at a higher level in terms of knowledge / expertise, professionalism, and customer advocacy. With other audit firms, my experience has always been similar to driving without power steering where I am having to do more work and struggle to stay in my direction. With the Schellman team, it is like driving with not just power steering, but lane departure warning, collision avoidance braking, and blind spot indicators."

ISO 27001 Certification | Software Company

Image
Quote
I don't know what we would do without our partners at Schellman. They've done a great job supporting all our audits, ad-hoc requests, and providing a great level of service to everyone at our organization. We look forward to many more years of continued partnership."

SOC 1 Assessment | Management consulting services company

Discover your best fit

Talk with our SOC and Attestation specialist or take a quick survey to better understand your ideal compliance stack