Show customers they can rely on you.

Only Certified Public Accountants in good standing can deliver SOC reports, and that’s where we come in. Not only is Perkins an independent third party with extensive SOC reporting expertise, we are a CPA firm licensed with the American Institute of Certified Public Accountants (AICPA).

Getting SOC certified will help:
⦁ Satisfy contract requirements
⦁ Address customer audit requirements
⦁ Comply with regulatory requirements
⦁ Build trust with customers and potential customers
⦁ Gain competitive advantage
⦁ Streamline business processes
⦁ Mitigate risks to achieving key business objectives

THE GOOD NEWS

SOC reports have evolved to keep up with today’s business and technology trends—think cloud computing, outsourcing, and increasing privacy and security expectations.

EVEN BETTER NEWS

We can help you figure out exactly which SOC report fits your needs. Let’s break down the different types of SOC reports and how to choose the right one for your business.

Financial Reporting Controls

SOC 1 REPORT

WHO NEEDS IT?

Businesses that provide services impacting their clients’ financial reporting (e.g., payroll processors, loan servicers, SaaS companies handling financial data).

PURPOSE

Evaluates internal controls relevant to financial reporting.

REPORT TYPES

SOC 1 Type I: Examines the design of controls at a specific moment.
SOC 1 Type II: Tests the effectiveness of controls over time.

Data Security & Privacy

SOC 2 REPORT

WHO NEEDS IT?

Technology and cloud service providers, SaaS companies, and any business handling sensitive customer data.

PURPOSE

Focuses on security, availability, processing integrity, confidentiality, and privacy.

REPORT TYPES

SOC 2 Type I: Examines the design of controls at a specific moment.
SOC 2 Type II: Tests the effectiveness of controls over time.

SOC 2 BASICS

Our SOC 2 engagement scope includes assessing and reporting on one or more of the following principles and related criteria:

SECURITY

The system is protected against unauthorized access (both physical and logical).

AVAILABILITY

The system is available for operation and use as committed and agreed.

PROCESSING INTEGRITY

System processing is complete, accurate, timely, and authorized.

CONFIDENTIALITY

Information designated as confidential is protected as committed and agreed.

PRIVACY

Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.

Publicly Shareable Security Report

SOC 3 REPORT

WHO NEEDS IT?

Businesses that want to demonstrate trust and transparency in security practices without disclosing sensitive details.

PURPOSE

A simplified, public version of SOC 2 without detailed testing results.

SOC for Cybersecurity & Supply Chain

WHO NEEDS IT?

Companies managing cybersecurity risks or supply chain integrity.

PURPOSE

SOC for Cybersecurity: Evaluates an entity’s cybersecurity risk management program.
SOC for Supply Chain: Assesses controls over manufacturing and distribution processes.

Ready to get started?

Let’s talk about your SOC reporting needs.

FREQUENTLY ASKED QUESTIONS

How do auditors rely on SOC 1 reports?

Auditors use SOC 1 reports to assess how your controls impact financial reporting. If you provide outsourced financial services, your clients’ auditors may rely on this report to evaluate risk.

What kind of SOC report do I need?

SOC 1: If your services affect clients’ financial reporting.
SOC 2: If you handle sensitive data and need to demonstrate security and compliance.
SOC 3: If you want a public-facing security report.

Am I ready for a Type 2?

A Type 2 report evaluates controls over time (typically 6–12 months). If you’ve completed a Type 1 report and had time to operate those controls effectively, you’re likely ready.

Why should I get a SOC report?

A SOC report builds trust with clients, regulators, and partners by proving your business meets security and compliance standards. It can also give you a competitive edge.

What SOC 2 criteria are applicable to me?

SOC 2 reports are based on five Trust Services Criteria:

⦁ Security
⦁ Availability
⦁ Processing Integrity
⦁ Confidentiality
⦁ Privacy

Why should I care if my vendors and/or service providers have a SOC report?

If your vendors don’t have strong security controls, your business could be at risk. A SOC report shows they’ve been independently audited, helping mitigate security and compliance risks.

What are Complementary User Entity Controls (“CUECs”) and why should I care about them?

CUECs are controls that you, as a client, must have in place for the service provider’s controls to be effective. Reviewing them ensures you’re meeting your own security and compliance responsibilities.

Should I be worried if a SOC report has exceptions relating to the operating effectiveness of controls?

Not necessarily. Exceptions highlight areas for improvement, but their impact depends on context. Some may indicate minor issues, while others could point to significant risks.

What is the difference between SOC and SOX?

SOC reports focus on internal controls over security and financial reporting for service providers.
SOX (Sarbanes-Oxley Act) applies to public companies and focuses on financial reporting compliance.

What is a SOC readiness assessment?

A SOC readiness assessment is a pre-audit review that helps identify gaps and prepare for a successful SOC report.

What does “SOC certified” mean?

There’s no such thing as “SOC certified.” Companies receive a SOC report, not a certification. If a company claims to be SOC certified, ask to see their actual SOC report.

What is a service commitment?

A service commitment is a promise your business makes to customers—such as keeping data secure, maintaining uptime, or protecting privacy. A SOC report evaluates how well these commitments are met.

Don't take our word for it

“The best. I rely on them to get me the proper guidance to move the business forward. Changing to Perkins was one of my best decisions in the last 5 years.”

Mike Crawford
Crawford Holding Company Inc.

“I love my audit and tax teams at Perkins & Co. They are very knowledgeable, easy to work with and excellent business partners.”

Anonymous
Client