Created with Sketch.

SOC Frequently Asked Questions

As one of the region’s largest providers of high-quality SOC reports, we have compiled a library of responses to the questions we are asked nearly every day. We’re happy to share our insights, questions include:

System and Organization Controls (SOC) reports, formerly Service Organization Control reports, are examinations provided by CPAs in connection with system-level controls of a service organization or entity-level controls at other organizations. These engagements are performed in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, which is a professional standard promulgated by the American Institute of Certified Public Accountants (AICPA). 

A SOC report is often requested by organizations (user entities) that receive significant services from a service organization and the user entities’ auditors (user auditors). 

  • SOC 1, SOC 2 – SOC for Service Organizations: Trust Services 
  • SOC 2® CSA STAR Attestation
  • SOC 3 – SOC for Service Organizations: Trust Services Criteria for General Use Report
  • SOC for Cybersecurity
  • SOC for Supply Chain

Obtaining a SOC 2 report differentiates the service organization from its peers by demonstrating the establishment of effectively designed internal corporate governance and oversight and allows customers, stakeholders – or both – to gain confidence and place trust in the service organization’s system. 

Prior to undergoing a SOC examination, an organization should engage a CPA firm to perform a SOC Readiness Assessment. SOC Readiness Assessments are designed to assist organizations in assessing their preparedness for a SOC examination. 

About Schneider Downs
SOC Services 

Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started or learn more about our practice at SOC



Download The Content

For the full FAQ document please take a moment to tell us a little bit about you, and we’ll provide instant access to all of our responses.

This field is for validation purposes and should be left unchanged.


Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.