Risk Assurance & Advisory

SOC Audit & Compliance

System and Organization Controls (SOC) audits completed efficiently and effectively to show your clients their data is protected.

Our Approach

Proactive Compliance Through Automation

Responding to ad hoc security requests from current or potential clients requires extensive time and resources. Employ the latest automation technologies and leading methodologies to complete fast, high-quality SOC audits proactively.

SOC Audit Phases

Our Services

SOC Audits & Assessments

Here’s what the different types of SOC audits do for your organization:
SOC Readiness Assessment
Identifies any weaknesses in your control environment before an audit to give you time to remediate issues in advance.
SOC 1
Displays the controls at a service organization relevant to a user entity’s internal control over financial reporting. Generally used to satisfy Sarbanes-Oxley compliance requirements.
SOC 2
Reports on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. Provides comfort to your customers over selected controls.
SOC 3
Trust Services Report similar to SOC 2 but with less detail. Compliance allows you to publish a seal of compliance on your website.
For Cybersecurity
Provides a trusted opinion, measured against industry best-practice benchmarks, on the set of policies, processes and controls in place to prevent cyberattacks.
For Vendor Supply Chain
Applies your internal SOC standards to evaluate your vendors to give your stakeholders confidence in the control environment of your supply chain partners.
Experts
Patrick Hall - Partner, Audit - San Ramon CA | Armanino
Partner
Patrick is a partner in the Risk Assurance & Advisory practice leading the firm’s SOC and HITRUST practices.

San Ramon, CA
Greg Smith - Partner, Consulting - St. Louis, MO | Armanino
Partner
Greg is a partner in Armanino’s Risk Assurance and Advisory practice.

St. Louis, MO
Ryan Goodbary - Risk Assurance & Advisory | Armanino
Director
Ryan helps clients meet their SOC 1 and 2 reporting requirements through a collaborative approach.

San Francisco, CA
Resources
Back-Office FAQs: Tips for Business Leaders
Article
Too often, business leaders spend more time on back-office processes than on value creation.

May 26, 2021
Digital Media & Ad Tech Firms Are Handling Stronger Privacy Regulations
Article
Data privacy is becoming more important and is being blended with cybersecurity efforts.

May 07, 2021
Webinars
Webinar
Enable sales growth with SOC automation, speed and preparedness.

February 3, 2021 | 11:00 AM - 12:00 PM PST
Associations
The Microsoft SSPA initiative (formerly known as Vendor Privacy Assurance Program compliance) is designed to standardize and strengthen the handling of Microsoft customer, partner, and employee personal information by Microsoft vendors worldwide. Microsoft vendors who collect, store or process customer, partner or employee personal information are required to comply with the program.
Shared Assessments Program Logo
As the trusted source in third party risk assurance, the member-driven Shared Assessments Program has been setting the standard in third party risk assessments since 2005. Shared Assessments Program members work together to build and disseminate best practices, building resources that give all third party risk management stakeholders a faster, more rigorous, more efficient means of conducting security, privacy and business resiliency control assessments.
AICPA SOC for Service Organizations Logo
The American Institute of Certified Public Accountants (AICPA) provides information to user auditors and service auditors on understanding and performing SOC for service organization engagements.
HITRUST Certification for SOC Audit
Armanino is approved to provide services using the HITRUST CSF™, a comprehensive security framework that addresses the multitude of security, privacy and regulatory challenges organizations face in complying with healthcare (HIPAA, HITECH), third-party (PCI, COBIT), government (NIST, FTC) and other industry-specific regulations and standards.