360 Advanced Logo Image
Connect with Us
360 Advanced Logo Image
Connect with Us

SOC® 2 Examination

While a SOC 1 Report revolves around financial reporting controls, a SOC 2 Report (System and Organization Controls 2 Report) focuses on non-financial controls relevant to the AICPA Categories: Security, Availability, Processing Integrity, Confidentiality & Privacy.

A SOC 2 is designed for service providers — such as Enterprise IT Outsourcing Services, Managed Security, Customer Support, Healthcare Claims Management & Processing, and FinTech Services — to share information with their clients about the design and operating effectiveness of the controls they have in place.

Take The Next Step
360 Advanced SOC 2 Report Services

SOC 2 Services

Ensure regulatory confidence and shield your business from cyber threats with our Cybersecurity Compliance Programs.

SOC 2 Readiness Assessment
Type 2 Examination & Report
Type 1 Examination & Report
SOC 2+ Examination & Report

SOC 2 Readiness Assessment

This overview is designed to help the service organization prepare for the SOC 2 examination by identifying deficiencies, gaps, and other potential red flags, along with coaching so management can understand their options to repair them.

Learn More

SOC 2 TYPE 2 Examination & Report

A SOC 2 Type 2 Report expresses an opinion on the system description, the design of controls placed into operation and includes whether controls operated effectively throughout a historical period of time. This is typically a twelve-month period. Thus, in addition to what a Type 1 Report addresses, this report incorporates an additional step that 360 Advanced tested the controls and shares the results of those tests.

p
Purpose: The SOC 2 Type 2 assessment includes a description of the controls, the tests performed, the results of those tests, and an overall opinion on the functional design and operational effectiveness of those controls. 
,

Scope:  A SOC 2 Type 2 Report covers the AICPA’s Trust Services Principles and Criteria for Security, Availability, Confidentiality, and Privacy. The report also includes a mapping of the controls tested to ISO/IEC 27001:2013 Annex A / ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2014, HIPAA security requirements, and FFIEC’s examination guidelines for GLBA Information Security. 

Frequency:  SOC 2 Type 2 Audits are performed annually.

Learn More

SOC 2 Type 1 Examination & Report

A SOC 2 Type 1 Report expresses an opinion on the system description and the design of controls placed into operating as of a point in time. Simply put, this report tells your clients, prospective clients, and their auditors that you accurately represented the description of your system of control and describes the controls related to the AICPA Categories that have been placed into operation as of a point in time to meet your service requirements.

p
Purpose: The SOC 2 Type 2 assessment includes a description of the controls, the tests performed, the results of those tests, and an overall opinion on the functional design and operational effectiveness of those controls. 
Learn More

SOC 2+ Examination & Report

SOC 2+ Hybrid

A SOC 2+ takes the design of controls from a SOC assessment and adds in additional controls from other security frameworks to show compliance on a singular report.

p

Purpose: SOC 2+ reports provide an independent third-party opinion on the design and operating effectiveness of controls relevant to meet other compliance frameworks combined with the SOC 2 controls.

,

Scope: Additional subject matters and controls that can be included in a SOC 2+ include: HITRUST, HIPAA, and CSA STAR.

Frequency: SOC 2+ Audits are performed annually.

Learn More

Learn more about an Integrated Compliance Strategy with our free guide

Integrating your compliance needs into one strategy can save your business time and money. Download our free guide to find out how.

Download Our Integrated Compliance Guide

Begin your SOC Examination today!

Looking for support with SOC 1, SOC 2 or SOC3? We’re here for you!
Fill out the contact form, and within 24 hours, our team will provide the expert guidance you need.

360 Cyber Resources

Explore a wealth of knowledge in our client stories, insightful blogs, cutting-edge white papers, and the latest press releases—your gateway to a repository of expertise and industry insights.

Press Releases

360 Advanced Teams Up with Redapt: Transforming Businesses’ with Scalable, Efficient, and Secure Infrastructure

St. Petersburg, Florida — 11/19/2024 — 360 Advanced, a trusted provider of cybersecurity, audit, and compliance services, is excited to announce its strategic alliance with Redapt, a premier IT solutions provider...

Blog

The Role of SOC Reports in Building Client Trust and Transparency

System and Organizational Controls (SOC) reports offer a transparent view of an organization’s security posture by reporting its relevant organizational and technological controls as it relates to specific services. They...

Blog

Data Connectors Event Recap

The recent Data Connectors Houston Cybersecurity Conference brought together industry leaders, cybersecurity professionals, and IT experts for a day of insightful discussions, networking, and collaboration. This year’s event proved to...
Explore More