SOC Reports

Systems and Organization Control (SOC) Reports under SSAE 18 and Trust Services

Third-party service providers find themselves increasingly under the microscope. Several recent high-profile fraud and cybersecurity incidents could be traced back to weaknesses in a vendor's control environment. As a result, clients, their auditors and regulators are taking a closer look at providers' internal controls.

MHM* helps vendors address the scrutiny through our full range of Systems and Organization Control (SOC) report services from SOC 1 under SSAE 18 and SOC 2 and SOC 3 under Trust Services and SOC for Cybersecurity under AICPA criteria. The independent assessments of the design, implementation and functioning of service organizations' internal controls provide information their clients can use for financial reporting and risk management.

SOC Services

SOC reports may come as part of a client's financial statement audit, but many vendors are electing to undergo SOC reports proactively to gain a competitive edge.

Whatever the source of the request, we leverage national resources and technical expertise to help you address it in a timely, cost-effective manner. We offer a full range of SOC report services, including:

  • SOC 1 Reports: We evaluate, test and opine on whether financial reporting controls are suitably designed and fairly represented as well as whether controls are operating effectively.
  • SOC 2 Reports: Our team looks into how your information technology controls over processes and people measure up to core SOC 2 trust principles of security, availability, processing, integrity, confidentiality and privacy.
  • SOC 3 Services: For organizations that do not use another service organization to provide services, we can provide high-level descriptions of your services and control structure.
  • SOC for Cybersecurity: We will examine a description of an entity’s cybersecurity risk management program and opine on whether the cybersecurity protocol description meets AICPA criteria. Our team will also examine whether cybersecurity controls effectively achieve commonly accepted control criteria.

Commitment to Quality

Our dedicated team of SOC professionals keeps up-to-date on the changes that could have an impact on you. We monitor trends and legislative developments and attend regular training, which has helped position MHM as a leader in the SSAE 18 arena.

In addition to being recognized as an industry leader on a national platform, we are dedicated to providing top quality SSAE 18 reviews or readiness services. Our team includes individuals who are accredited Certified Public Accountants (CPA), Certified Information System Auditors (CISA) and Certified Information Systems Security Professionals (CISSP).

Scott Woznicki

Managing Director, CISA

Follow me:      

    *CBIZ is a business consulting, tax and financial services provider and works closely with MHM (Mayer Hoffman McCann P.C.), an independent CPA firm providing audit, review and attest services.  CBIZ and MHM are members of Kreston International, a global network of independent accounting firms.