SOC 2 audit certification for service organization reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA. Each type of SOC for Service Organizations report is designed to help service organizations meet specific user needs. These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.
The SOC 2 report details the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
EHR 2.0’s certified privacy and security professionals working along with our partner CPA firms can help your organization comply with SOC 2 audit certification requirements in a most efficient and cost-effective way.
Our SOC 2 audit certification deliverable include but not limited to:
- Control Risk Assessment Report that includes:
- Logical and Physical Access Controls
- System Operations
- Change Management
- Risk Mitigation