SOC 1 Audit Consulting & Compliance Services

SOC 1® Audits Build Confidence

A customer working with your service organization will routinely have their financial statements audited. SOC 1 audit services provided by I.S. Partners LLC provide assurance that your service organization’s controls are designed and operating effectively and that these controls do not negatively impact your customer’s financial statements.

PROCESS

Steps to SOC 1 Audit Success

A SOC 1 audit focuses on both business process controls and information technology controls. The advantage of SOC compliance reporting is that it builds trust regarding implemented internal controls that are vital to customers who receive services from your organization.

Soc 1 audit compliance certification benefits

ADVANTAGES

Why Pursue SOC 1 Auditing?

SOC 1 audit engagements are intended for service providers. For example, if you offer payment processing services to clients, your service organization may require a SOC 1 audit report because you may have an impact on their financial statements. A SOC 1 audit report may be required by your service organization because a client or regulatory body has requested it, or because you are being proactive with information security and compliance.

An audit report provides a broad-based, enhanced assessment the effectiveness of controls and compliance measures. It delivers greater assurance for your customers. The customer will have the assurance that internal control audits affecting their financial reporting are timely and accurate in order to stay in compliance with company policies and government regulations.

WHAT’S INCLUDED

SOC 1 Preparation & Compliance Services

I.S. Partners provides auditing services and attestation in the form of SOC 1 Type 1 and SOC 1 Type II reports. We typically approach SOC audits following this streamlined process:

Scoping
Walk-throughs
Control Design
Gaps Identified

Remediation
Audit/Testing
Reporting

GET STARTED

Take the Anxiety out of SOC 1 Audits

I.S. Partners, LLC is a Certified Public Accounting firm registered with the AICPA (American Institute of Certified Public Accountants) and PCAOB (Public Company Accounting Oversight Board), and is managed by a group of highly seasoned partners who have vast experience in performing SOC audits, FISMA, HIPAA HITECH, Sarbanes-Oxley (Section 404) management self-assessments, Model Audit Rule compliance, and other specialized information technology audits.

From start to finish, our audit team will work closely with your organization to ensure an anxiety-free experience. Our SOC 1 audit services are designed to help your organization build credibility without increasing stress for your team.

AUTOMATION

Free SOC 1 Audit Software for Our Clients

Fieldguide automated SOC 1 audit software is free to use for all I.S. Partners clients. Start working with us and getting faster, less expensive compliance engagements.

More Info

FAQs

Common Questions

What is the difference between a SOC 1 audit and SOC 2 audit?

In its simplest form, a SOC 1 is a report on controls at a service organization relevant to a user entity’s internal control over financial reporting. On the other hand, a SOC 2 report is related to controls at a service organization relevant to the trust services criteria. Read more about SOC 1 vs. SOC 2.

What are the Trust Services Criteria?

Formerly known as the Trust Services Principles (TSP), the TSC still serve as the control criteria used for the assessment and reporting on controls for information and systems. The five TSC are:
1. Security
2. Availability
3. Processing Integrity
4. Confidentiality
5. Privacy

Can we achieve a SOC 1 auditing through auditing?

No such certification exists. Officially, service organizations can only claim that they have been examined in accordance with SOC 1 examination standards and that the corresponding Service Organization Controls (SOC) 1 report should be read for further details. SOC 1 reports are “restricted use” reports intended only for existing customers and their auditors, and not for the general public.

What Is an SSAE 18 audit?

As the basis for the Service Organization Controls (SOC) 1 report, the Statement on Standards for Attestation Engagements (SSAE) No. 18 replaced SSAE No. 16 as of May 1, 2017, assures your customers’ auditors that your service organization controls are well-designed and operating smoothly. It’s an examination to help to build ongoing and long-lasting trust between you and your customer. The term “SSAE 18” has been replaced with simply “SOC 1.”

How Is the SSAE 18 report different from the SSAE 16 report?

While the SSAE 16 was specific to SOC 1 audits, SSAE 18 is an umbrella standard that applies to most types of attestation engagements, clarifying and formalizing requirements to enhance their reporting potential. The SSAE 16 examination will no longer be referred to as an SSAE 16 or SSAE 18 examination, but will simply be known as a SOC 1 examination.
Today’s SOC 1 features significant changes in the following areas:
– Vendor management
– Risk assessment
– Complementary sub-service organization controls
– Data validation

Why was the SSAE 18 audit standard update important?

The SSAE 18 examination standard update was important because it responds to the needs of third-party service providers and respective changes in the business environment. Over the past several years, an increasing number of service organizations have completed SOC 1 audits to satisfy customer demand and industry pressure.

How long does it take to complete a SOC 1 audit?

This depends on how prepared and how many resources your organization must dedicate to the project. The first time through, usually a readiness assessment is performed, and then the Type I phase, which will typically take anywhere from 4 to 6 weeks. However, in situations where an organization does not have the resources or priority assigned, it may take 8 to 10 weeks. A Type II report takes about 8 to 12 weeks to complete, although it may take a little longer during the first audit but become more efficient every year thereafter.

For how long is a SOC 1 audit valid?

Generally, for one year, 12 months.

How much does a SOC 1 audit cost?

Fees are based on the time required by the auditors assigned to the engagement and consider the agreed-upon level of preparation and assistance from the company’s personnel. Fees will vary based on the number of control objectives and control activities within a service organization, whether the audit is a Type I or Type II, and the number of locations included in the audit scope. During the planning phase, you will work with an I.S. Partners representative to discuss your scope.