SOC 2 Reports | SOC 3 Reports | OH | KY | IN

Back Up Your Claim to Data Security

Whether you’re a technology or cloud service provider, or a collections company or contact center, trust is a crucial asset. You handle critical confidential data, from financial transactions to employee and hospital records. So your customers need to know their data is safe in your hands.

Barnes Dennig’s dedicated SOC reporting team can give your customers that verification with a SOC 2 or SOC 3 report.

Watch our SOC reporting video series on the Barnes Dennig YouTube channel.

About SOC 2 and SOC 3 reports

Both SOC 2 and SOC 3 reports provide assurance about compliance and operations. Both focus on controls related to:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

Which report is right for you?

First, consider what level of assurance you need to provide — and to whom.

SOC 2

SOC 2 reports:

  • Contain the Security or Common Criteria and any other Trust Services Criteria (TSCs) that apply to the controls protecting your system
  • Are meant for customers, prospects, and business partners that rely on your system and your control environment

There are two different categories of SOC 2 reports:

  • SOC 2, Type 1 reports, which evaluate whether controls are properly designed, implemented, and documented at a specific point in time (sometimes called “SOC light”)
  • SOC 2, Type 2 reports, which evaluates whether controls are properly designed, implemented, and documented over a period of time

SOC 3

SOC 3 reports:

  • Consist of a high-level summary and a seal of certification
  • Are meant to be shared with the general public and/or used for marketing purposes

Can’t watch now? Download the transcript. Watch our SOC reporting video series on the Barnes Dennig YouTube channel.

How we prepare your report

Barnes Dennig’s dedicated SOC team includes assurance, IT, and internal control professionals with years of experience preparing SOC reports for a wide range of large and small businesses.  We hire, train, and cultivate IT auditors with a good bedside manner.  We want this process and these reports to be as valuable as possible for you and your customers.

During a typical SOC 2 or SOC 3 examination, the team looks at:

  • Physical security
  • Application security
  • Security administration
  • Internet and infrastructure services
  • IT operations, systems, and programming
  • Controls over software changes
  • General control environment
  • Business continuity planning
  • Your vendors that are key to delivering your service

 

AICPA SOC logo
IPA Top 200 Firms

All the things that matter are always covered. In language I can understand.

— Barnes Dennig Client, 2022

I've been very pleased with the services provided and high-touch service we've received.

— Robin M., CFO

We are an ever-changing client and they work hard to understand what changes we've made, why and how they impact our SOC report.

— Barnes Dennig Client, 2021

Getting requests for your SOC report?

Talk to one of our top SOC reporting pros today.