A Proven Commitment to Reducing Risk and Improving Your Business

Most successful companies consistently sharpen their organizational strategies to ensure that they stand out against the competition, and service organizations—as well as their user entities—are no exception.

You’ve built your service business to this point through hard work, trustworthiness, and strong client service. But current and potential clients need an additional level of assurance when it comes to outsourcing their processes and services related to financial services (such as payroll or billing), technology services, or any other service that requires you as a service organization to have direct access to their client data. Also, as your organization grows and as cybersecurity risks become more prevalent, clients are requiring a third party audit, certification, and/or completion of a security questionnaire.

Since the inception of SOC reporting, and for over a decade prior when reports were issued  under SAS 70, our professionals have worked closely with clients in the development and testing of appropriate control environments designed to meet AICPA guidance, and addressing compliance mandates for reporting on controls.

Our team also has extensive internal audit experience, assisting clients in the completion of internal audits and risk assessments across all operational domains and IT general controls domains, including operating system and database security; network and application access and security; program change management; systems development lifecycle; computer operations; and business continuity planning.  It is through a combination of internal audit projects, risk assessment engagements, and SOC audits that allow our team to maintain its expansive knowledge of industry best practices.


A SOC report can be a daunting process for any organization from first-timers to veterans who have successfully completed numerous prior reports. Choosing the correct SOC audit partner is one of the keys to success—with their expertise and communication capabilities typically proving to be the greatest differentiators.

To learn more about SOC requirements and considerations—and discuss what your organization’s SOC process will entail—contact SC&H Group.