Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Chad Goubeaux

Chad Goubeaux is a Manager at Schellman based in Columbus, Ohio with nearly 10 years of experience serving clients in auditing and IT compliance. He is a leader of the firm's SOC methodology group and contributes to the AICPA SOC 2 working group, helping to shape industry standards. At Schellman, Chad specializes in SOC 1, SOC 2, SOC 3, and HIPAA attestations. With previous experience in financial statement audits from a Big 4 firm, he brings a strong foundation in risk management and regulatory compliance. A graduate of The Ohio State University, Chad holds multiple certifications, including CPA, CISSP, CISA, CITP, CCSK, and the AICPA Advanced SOC certificate.

Blog Feature

SOC Examinations

By: Chad Goubeaux
March 18th, 2025

If your organization is looking for a way to showcase your commitment to security and compliance to the general public, a SOC 3 report might be the perfect solution. SOC 3 reports offer a high-level summary of your system and controls, tailored for sharing with a broad audience.

Blog Feature

SOC Examinations

By: Chad Goubeaux
June 23rd, 2017

As you likely know, there are different System and Organization Controls (SOC) report options, such as SOC 1 and SOC 2/SOC 3. What may be lesser known is that within those SOC report options, there are also different types, referred to as Type 1 and Type 2. In other words, the specific use of “Type” as a distinguisher are different specified options for both the SOC 1 and SOC 2 reports.

Blog Feature

SOC Examinations | SOC 2

By: Chad Goubeaux
August 1st, 2016

The American Institute of Certified Public Accountants (AICPA) has designed three distinguished SOC reports to accommodate the varying needs of service organizations, each with their own purpose and intended use. As such, when service organizations begin researching System and Organization Controls (SOC) reports, their first consideration often centers around determining which SOC report(s) is best for their needs.

Blog Feature

Education | SOC Examinations | Audit Readiness | SOC 2

By: Chad Goubeaux
August 14th, 2014

Although undergoing a SOC 2 examination is not a mandatory security framework and as such, is not a legal or regulatory requirement for every business, it is often considered a necessity for companies. This is especially true for organizations that regularly store customer data and handle sensitive information.

{