SOC Examinations & Attestations

SOC 2 Compliance Examinations

In providing a detailed overview of your organization’s control infrastructure, a SOC 2 examination will evaluate how you achieve your service commitments or promises related to security, service availability, data processing, confidentiality, and/or privacy—a process that Schellman makes easy.

What is SOC 2?

First introduced in 2009, SOC 2 was developed by the American Institute of Certified Public Accountants (AICPA) as a set of requirements for internal controls to achieve service commitments based on trust services criteria contained within five categories—security, availability, confidentiality, processing integrity, and privacy—that are selected to suit your organization’s service commitments.

The Importance of SOC 2 Examinations

During a SOC 2 examination, an independent third party service auditor like Schellman would assess your internal controls and business processes against your applicable and chosen SOC 2 trust services criteria before providing a report you can share with customers and other stakeholders to reassure them that their data is safe with you.

The Benefits of SOC 2 Compliance

Investing in a SOC 2 examination can benefit your organization in multiple ways:

SOC 2 Examination: Type 1 vs Type 2

When having a SOC 2 examination performed, you’ll need to decide if you need a Type 1 or Type 2 report, as there are key differences in what—and when—they evaluate. While both Type 1 and Type 2 reports can be valuable tools for any organization that handles sensitive customer data, which type you choose will depend on your specific needs and goals, and Schellman will work with you to help you determine which report best suits your business and compliance objectives.

Type 1 SOC 2 Report

Useful for organizations that want to demonstrate their commitment to data security to stakeholders and customers, a SOC 2 Type 1 report evaluates how well-designed and implemented your controls and processes are at a specific point in time. 

Type 2 SOC 2 Report

On the other hand, a SOC 2 Type 2 report is an evaluation over a period of time—typically six months or more. During the examination, your auditor will assess how well-designed and implemented your controls are, as well as whether they’re operating effectively in meeting your chosen trust services criteria categories. 

What to expect for your SOC Examination

We begin each project with your end goals in mind while laying the groundwork for future key project activities. Effective communication and timely coordination of project planning activities are central to our methodology.

Phase 1: Planning and Preparation

The most important step in any SOC 2 examination, this stage will ensure your controls and evidence align with the agreed-upon terms and expectations set by your customers, as you and your auditors will work together to determine timelines, scope, and deliverables, among other items necessary to proceed with the examination.

Phase 2: Evidence Request & Collection

The kickoff is considered the start of the engagement. If needed, Schellman will schedule a call at the beginning of, or just prior to, the kickoff to finalize any outstanding items. Schellman will be available to the client for any questions.

By communicating before the start, Schellman ensures that no last-minute changes to the project or team have occurred and that the client has the plan prior to the testing and on-site visit.

Phase 3: Testing

After you’ve submitted the requested evidence, your auditors will perform process walkthroughs and interviews in combination with their evidence reviews and inspections—that includes any necessary follow-up conversations with evidence owners as well as cataloguing and documenting the test results.

Phase 4: Reporting

Once testing is complete, your auditors will assemble a draft report containing the test results and other required process narratives and provide it to you for review. Once you approve the contents, it will be finalized for your distribution to customers and other stakeholders.

SOC 2 Jumpstart Guide

In this definitive guide to tailoring your SOC 2 examination, we’ve divided the decisions you’ll need to make into four sections that will progressively customize all the options you have into just the ones you need.

Read this and not only will you have a greater knowledge base on the particulars of SOC 2 internally, but you’ll be able to save time in sales calls, knowing exactly what you want from your auditor, and thereby get started quicker.

SOC 2 Specialist

Chad Goubeaux

Chad Goubeaux is a Manager with Schellman based in Columbus, Ohio. Prior to joining Schellman in 2020, Chad worked for a Big 4 accounting firm specializing in financial statement audits. Chad has over 4 years of experience serving clients in various industries, including Healthcare and Building Materials. Chad is now focused primarily on SOC 1 and SOC 2 examinations for organizations across various industries.

Frequently Asked Questions

Have a question? See a list of commonly asked questions below. If you still can't find an answer, contact us!

How Much Does a SOC 2 Audit Cost?

How Long Does a SOC Examination Take?

What is Included in a SOC 2 Report?

How Often Should I Get a SOC 2 Examination?
