In providing a detailed overview of your organization’s control infrastructure, a SOC 2 examination will evaluate how you achieve your service commitments or promises related to security, service availability, data processing, confidentiality, and/or privacy—a process that Schellman makes easy.
First introduced in 2009, SOC 2 was developed by the American Institute of Certified Public Accountants (AICPA) as a set of requirements for internal controls to achieve service commitments based on trust services criteria contained within five categories—security, availability, confidentiality, processing integrity, and privacy—that are selected to suit your organization’s service commitments.
During a SOC 2 examination, an independent third party service auditor like Schellman would assess your internal controls and business processes against your applicable and chosen SOC 2 trust services criteria before providing a report you can share with customers and other stakeholders to reassure them that their data is safe with you.
Investing in a SOC 2 examination can benefit your organization in multiple ways:

After you’ve worked to ensure your internal controls address the SOC 2 criteria for security (and other trust service criteria categories), an impartial third party will confirm the systems and processes you have in place to fulfill your service commitments.
Successfully passing a SOC 2 examination is objective evidence that you’ve taken steps to secure your customers’ data, which improves your credibility and brand reputation within your market.

The SOC 2 examination has become a very popular compliance initiative—not just because your controls are up to an industry-accepted standard, but because they also sync well with other frameworks and regulations, like ISO 27001 and HIPAA.
When having a SOC 2 examination performed, you’ll need to decide if you need a Type 1 or Type 2 report, as there are key differences in what—and when—they evaluate. While both Type 1 and Type 2 reports can be valuable tools for any organization that handles sensitive customer data, which type you choose will depend on your specific needs and goals, and Schellman will work with you to help you determine which report best suits your business and compliance objectives.
Useful for organizations that want to demonstrate their commitment to data security to stakeholders and customers, a SOC 2 Type 1 report evaluates how well-designed and implemented your controls and processes are at a specific point in time.
On the other hand, a SOC 2 Type 2 report is an evaluation over a period of time—typically six months or more. During the examination, your auditor will assess how well-designed and implemented your controls are, as well as whether they’re operating effectively in meeting your chosen trust services criteria categories.
We begin each project with your end goals in mind while laying the groundwork for future key project activities. Effective communication and timely coordination of project planning activities are central to our methodology.

The most important step in any SOC 2 examination, this stage ensures your controls and evidence align with the agreed-upon terms and expectations set by your customers, as you and your auditors work together to determine timelines, scope, and deliverables, among other items necessary to proceed with the examination.

The kickoff is considered the start of the engagement. If needed, Schellman will schedule a call at the beginning of, or just prior to, the kickoff to finalize any outstanding items. Schellman will remain available to the client to answer any questions.

After you’ve submitted the requested evidence, your auditors will perform process walkthroughs and interviews in combination with their evidence reviews and inspections—that includes any necessary follow-up conversations with evidence owners as well as cataloguing and documenting the test results.

Once testing is complete, your auditors will assemble a draft report containing the test results and other required process narratives and provide it to you for review. Once you approve the contents, it will be finalized for your distribution to customers and other stakeholders.
In this definitive guide to tailoring your SOC 2 examination, we’ve divided the decisions you’ll need to make into four sections that will progressively customize all the options you have into just the ones you need.
Read this and not only will you have a greater knowledge base on the particulars of SOC 2 internally, but you’ll be able to save time in sales calls, knowing exactly what you want from your auditor, and thereby get started quicker.
Chad Goubeaux is a Manager at Schellman with nearly 10 years of experience serving clients in auditing and IT compliance. He is a leader of the firm’s SOC methodology group and contributes to the AICPA SOC 2 working group.