A-LIGN
Cybercube Services Pvt. Ltd.
SAV Associates
Moss Adams
CAS Assurance, LLC
Grant Thornton Australia
British Assessment Bureau Limited
Stratica
Sigma Technology Partners LLC
Cascade Chartered Professional Accountants LLP
Frank, Rimerman + Co.
Baltum Bureau
Geels Norton
DES, LLC CPA & ADVISORS
ENTPERMASYS CONSULTING & ADVISORY SERVICES LLC
Specialized Security Services, Inc
Marcum
GRSee Consulting | PCI-DSS Auditors
Axipro
360 Advanced
Pease Bell CPAs LLC
Schellman
Schneider Downs & Co.
RSI Security
BARR Advisory
Securisea
INTERCERT Inc.
ARORA Solutions LLC
AARC-360
Mckonly & Asbury, LLP
Sentry Assurance
Copeland Buhl
Accorp Partners CPA LLC
AssuranceLab
AssurancePoint, LLC
Consilium Labs
Insight Assurance
Dansa D'Arata Soucia LLP
MJD Advisors, LLC
Sensiba LLP

About A-LIGN

Compliance for teams who take cybersecurity seriously: A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs.

Combining deep expertise and world-class processes, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN has completed more than 16,000 audits since its founding in 2009 and is the number one global issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.

About Cybercube Services Pvt. Ltd.

CyberCube Services Pvt. Ltd. is a leading technology firm that specializes in providing cutting-edge cybersecurity solutions to businesses across various industries. The company was founded with the mission to empower organizations to better understand, manage, and mitigate their cyber risks. At CyberCube Services, we believe that cybersecurity is not just about technology but also about people and processes.


With this in mind, we offer a comprehensive suite of cybersecurity services that include cybersecurity compliance management, vulnerability management and more. Our team of cybersecurity experts has years of experience in the field and is well-equipped to handle any cybersecurity challenge that comes their way.


Our approach is tailored to each client's unique needs, and we work closely with them to understand their business operations, objectives, and risk appetite. This enables us to develop customized cybersecurity solutions that are aligned with their overall strategy. Our commitment to innovation is at the core of everything we do, and we continuously invest in research and development to stay ahead of the evolving threat landscape. This has helped us create some of the most advanced cybersecurity tools and technologies that are used by businesses around the world.


At CyberCube Services, we are passionate about making the digital world a safer place, and we strive to achieve this by partnering with our clients to build resilient cybersecurity programs that protect their data, assets and reputation.

About SAV Associates

SAV is a full-service CPA firm. SAV’s assurance and risk advisory services division is a market leader in providing cyber security assurance and advisory services. The team specializes in Financial audits, SOC audits, ISO 27001 audits, PCI DSS, GDPR, AUP (agreed upon procedures) reporting, Internal audit outsourcing, and readiness assessment for regulatory compliance such as PCI, SOX, SOC1, SOC2, ISO 27001, GDPR, CCPA, PIPEDA, AML, cyber security audits, blockchain advisory, IT security assessment and project/system conversion reviews.


About Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity. With more than 3,800 professionals across more than 30 locations in the West and beyond, we work with many of the world's most innovative companies and leaders. Our strength in the middle market enables us to advise clients at all intervals of development, from start-up, to rapid growth and expansion, to transition.


Our professionals provide SOC audits for a range of client types including SaaS, IaaS, and PaaS companies, business intelligence providers, colocation data centers, financial institutions and service companies, third-party administrators, benefits administrators, and more.

About CAS Assurance, LLC

CAS Assurance, LLC is a Certified Public Accountants and security assurance firm based in the state of Florida. The firm’s cybersecurity and compliance risk assessment, advisory, and assurance services include attestation for SOC 1 and 2, SOC for Supply Chain, SOC 2 + Cloud Security Alliance (CSA) STAR, and compliance audit for other major standards, frameworks, and regulations, including NIST SP800-53, CSF, HIPAA, SWIFT CSC, CCPA, and GDPR. We understand the challenges of running a business, managing controls, and ensuring compliance. That is why we leverage a stress-free audit process, tools, and methodology for performing our audit engagements to take the traditional stress of audit off the back of our clients.


For organizations looking for readiness assessment and gap remediation assistance, our security consultants also provide customized assistance for major standards, frameworks, and regulations, including ISO27001, ISO27017, CCM, HIPAA, SWIFT CSC, CCPA, GDPR, PCI-DSS, and CMMC.

About Grant Thornton Australia

Australian based team of specialist controls assurance auditors and advisors, focussed on SOC2, ISO27K and CPS234.


At Grant Thornton Australia, care is just as important as capability because we believe that your experience is as important as the outcome.


We strive to provide a strikingly different experience – one that’s more personal, proactive, authentic and agile. To achieve that, we focus on investing in and building our relationship with you.


Data and digital transformation is squarely on the agenda for many businesses. The use of cloud resources, data storage, processing integrity, and ‘everything as a service’ has increased.


Outsourcing data management and processing is now the norm for many industries. Along with this is the need to address risk and controls when it comes to data privacy and handling.


If you are a third party supplier or handling and processing sensitive customer information, then the onus is on you to test your security controls to ensure you are compliant with data privacy provisions across jurisdictions.


With the influx of data privacy requirements, we are seeing the business landscape increasingly trending toward SOC reports for service suppliers now accepted as just being a part of the cost of doing business – now is the perfect time to get prepared with a SOC report.  


Our SOC reporting capabilities provide you an understanding of the risks associated with your internal controls so you can confidently address these risks. A Grant Thornton SOC report provides you with an efficient way of responding to security audit requests and demonstrates your commitment to security and privacy for current and prospective customers.


Risk management is a company-wide concern, with most stakeholders now requesting an SOC report as part of supplier due diligence prior to an engagement, or ongoing monitoring processes. SOC reports provide a transparent assurance of internal control accountability and for addressing multiple stakeholder assurance demands. Grant Thornton can help you decide which SOC report is applicable to your business or client requirements, and conduct and certify the chosen SOC report.


About British Assessment Bureau Limited

British Assessment Bureau ("BAB") is one of the UK's most popular certification bodies, providing a wide range of certification services for more than 20 years. Through the use of a "no hidden fees" policy, plain language communications and a pragmatic approach to auditing, BAB is well regarded for the service it provides to its clients. This attention to detail and a determination to provide a first-class service to its clients is why it has achieved, and retains, its Platinum Partner status with independent reviews service, Feefo.


As a UKAS-accredited certification body, BAB takes its status seriously and ensures clients are provided with a robust assessment process, not just a tick-box exercise, while providing useful guidance through its reports and backing that up with access to a range of training services that can help to increase awareness of both standards and the auditing process, in general.

About Stratica

Do you accept credit card payments, (maybe via a payment gateway)?


If you answered yes, then you are part of the Payment Card Industry (PCI).

You need an experienced PCI QSA (Qualified Security Assessor) and an independent Cyber Security Consultant on your side, at all times.

Compliance cannot be ignored, no matter the size of your business, or how well you run it.


PCI compliance and cyber security are ongoing practices. It is necessary to maintain PCI DSS (Data Security Standards) to protect client data (including personal and credit card data) and detect potential cyber-attacks or breaches to your systems.

Don’t wait until it’s too late. Don’t wait until you need to hire a PFI (Payments Forensic Investigator).

Don’t risk losing your business or customers over a data breach caused by a PCI compliance or cyber security issue.


We guarantee to get you compliant and keep you compliant, for as long as you choose us.


STRATICA is an independent advisory practice specialising in PCI consulting, PCI compliance, and cyber security service requirements. STRATICA is the most qualified and experienced QSA operating in Australia, and the only Australian based PFI. (There are approximately 20 PFIs globally, amongst the hundreds of QSA companies). A PFI QSA investigates a breach uniquely – They see what goes wrong, how, and why, and can help clients avoid similar risks.

With STRATICA, you get a lot more than just a PCI consulting firm.

Rest assured, we will keep your systems secure, so that your customers can safely place their trust in you.

Our services include, (but are not limited to):


  • QSA
  • PCI Compliance
  • PCI Forensic Investigations
  • Cyber Security Services
  • PCI Consulting

Meeting security standards for cyber safety and compliance is a serious matter, but it doesn’t need to be a difficult process.


STRATICA is your most qualified and experienced QSA, PCI Compliance Officer, and Cyber Security Consultant, and the only Payments Forensic Investigator in Australia.

About Sigma Technology Partners LLC

Sigma Technology Partners is an independent CPA firm. We guarantee our clients will work with highly experienced SOC practitioners and auditors who specialize in SOC 2, SOC 3 and advisory engagements. Our team of certified practitioners can report on any of the trust services categories of Security, Availability, Processing Integrity, Confidentiality, or Privacy, either individually or in combination with one or more of the other trust services categories.


Services Offering:

SOC 2, SOC 3

SOC Plus (SOC for Cyber Security)

ISO 27001 - Internal Audits

FISMA Compliance (NIST SP800-53)

FedRAMP Readiness Assessment

Penetration Testing

Vulnerabilities Assessment

HITRUST Readiness

HIPAA Assessment


To learn more about Sigma Technology Partners, please visit www.sigmatechllc.com or call us at 800-748-6602.

About Cascade Chartered Professional Accountants LLP

Cascade is a boutique CPA firm located in Calgary, Alberta. The partners at the firm have over 15 years of combined experience providing services to a wide range of clients across Canada, the United States and overseas. At Cascade, we are meticulous with our work, and our size and experience allow us to provide tailored solutions to our clients, giving them the necessary peace of mind so that they can focus on running their businesses.


Service Offerings


As a boutique accounting firm, our services and approach are distinctive when compared to other accounting firms. Instead of being generalists, we focus our time and the pursuit of our professional excellence only on key areas where we have developed specialized expertise. These key areas are:

- Assurance
- Accounting
- Tax
- Due Diligence & Advisory

A key component of our Assurance services offering is third-party assurance reporting, specifically SOC2 audits, which we provide to our clients in Canada and United States based on the requirements of the Canadian Standard on Assurance Engagements 3000, Attestation Engagements Other than Audits or Reviews of Historical Financial Information, set out in the CPA Handbook – Assurance and the attestation standards established by the American Institute of Certified Public Accountants (AICPA).

Our SOC2 engagement team members have over 20 years of experience in providing SOC2 services, which includes both SOC2 audit and SOC2 consulting engagements. With this unique experience, we have developed a unique three-step approach that ensures any SOC2 engagement we deliver goes smoothly. The end result is that your engagement will result in 'you' being able to get your final SOC2 report into the hands of your customers and business partners in a timely manner.

If you want to learn more about our SOC2 offering or explore how Cascade can assist you through your SOC2 journey, please reach out and our team would be happy to meet with you.

About Frank, Rimerman + Co.

Frank Rimerman + Co. is a certified public accounting firm offering a variety of accounting, business consulting, and compliance services for over 75 years.


Our Information Technology professionals assist organizations to develop stronger compliance posture, mature business processes and refine security controls. Our clients range from SaaS, software, fintech, health care, security, and life sciences such as biotech and medical devices. Our depth of experience includes auditing on-premise, hybrid, and cloud-based infrastructures including AWS, GCP, Azure, and Salesforce. We are versed in both SOC and ISO frameworks and can help clients to streamline their processes to meet both framework requirements.


We are an accredited ANSI-ASQ National Accreditation Board (ANAB) certification body and can certify our client’s ISMS conforms to the ISO 27001 and ISO 27701 standards.


Frank, Rimerman has been immersed in the startup and venture capital community in Silicon Valley since its inception. The exceptional caliber of our people and the expertise they’ve gained by working with cutting-edge technology companies proves invaluable to all the clients we serve.


We place our clients at the center of everything we do. That’s why our clients have unlimited access to our partners and managers throughout the year. We provide you with timely, accurate, and personalized advice to address business and operational questions as your organization grows and matures to keep your security programs in compliance.


Let us help you create stronger cyber security and privacy programs.

Frank, Rimerman Advisors LLC is a subsidiary of Frank, Rimerman + Co. LLP. Frank, Rimerman Consulting is a division of Frank, Rimerman + Co. LLP. ISO Services are provided by Frank, Rimerman Information Security LLC, an affiliate of Frank, Rimerman + Co. LLP.

About Baltum Bureau

Baltum Bureau is a premier global certification body dedicated to providing management systems assessment, ISO certification, and compliance services for organizations across diverse industries, including IT, banking, and cryptocurrency sectors. With a customer-centric approach and a commitment to delivering high-quality, tailored solutions, Baltum Bureau supports clients in achieving their business goals and maintaining a competitive edge in their respective markets.


Key Services: ISO 27001, ISO 27701, ISO 9001, GDPR Compliance and Certification.

By partnering with Baltum Bureau, organizations in the IT, banking, and cryptocurrency sectors can enhance their performance, minimize risks, and maintain compliance with ever-evolving regulatory requirements.

About Geels Norton

High Quality, High Touch, High Value


Geels Norton is a data security compliance and advisory firm for companies seeking high touch, high quality, and high value. After more than two decades at top-tier national and regional firms, they have an unwavering belief that there is a better way. For Geels Norton clients, this means greater efficiencies, faster service, enhanced communication, enriched relationships, and, yes, more fun!


Geels Norton exists to help emerging and high-growth cloud technology companies focus their efforts on building amazing products while concurrently demonstrating sound, scalable data security practices.


As you look towards the next stage of growth, you face the reality of needing to demonstrate a commitment to data security compliance. Further, you want to reap the most value possible from your compliance initiatives – this is an opportunity to take your company to the next level. At Geels Norton, our high-touch, high-quality SOC 2 experience delivers value far beyond compliance.


Companies are a good fit for Geels Norton when:


1. They enjoy working directly with partner-level team members instead of less experienced associate-level team members.

2. They appreciate a high-touch experience with a team that holds their hand through the entire process instead of spending time and resources struggling through it themselves.

3. They love a two-week report turnaround instead of waiting months for their reports.

4. They want to use compliance initiatives as an opportunity to make their business better instead of just meeting minimum requirements with a ‘check-off-the box’ approach to compliance.

5. They prefer a collaborative audit partner who will support and educate them year-round over a provider who just does the job and leaves until next year’s audit.

6. They value quality and experience without the high-cost structure of a large, traditional firm.

About DES, LLC CPA & ADVISORS

We help SaaS and technology businesses get and stay SOC 2 compliant in less time and with less stress by simplifying the SOC 2 Readiness and Audit approach. Rather than looking at each control and evidence task individually, we can suggest ways to easily address multiple evidence requirements more efficiently.


Our company's mission is to find a better way, and we are determined to help companies spend less time on SOC 2 compliance so they can focus on their core business.


We take a customized approach to our audit process. Some clients want us to perform the audit in the background focusing on minimizing the business disruption. Other clients want more guidance and need assistance navigating the SOC 2 Readiness process. While we can't make management decisions or implement your controls for you, we can provide the actionable insights and suggestions needed to save you time both in getting ready for your audit and in the way you approach your compliance requirements.


Let us tell you more about our process, and how we can help provide you a better SOC 2 Compliance Experience.

About ENTPERMASYS CONSULTING & ADVISORY SERVICES LLC

We are a Delaware, USA registered CPA Firm with operations in India offering a diverse range of services ranging from Information Security & Privacy consulting, SOC 1/SOC 2 / SOC 3 Attestations

About Specialized Security Services, Inc

Specialized Security Services, Inc. (S3 Security) is a women-owned cybersecurity firm with headquarters in Dallas, TX.

For nearly 25 years, our expert team has successfully assisted organizations with the implementation and oversight of their information security, privacy, and regulatory compliance programs.

We unify the best talent in the industry to fight against the global threat of cybercrime, secure business, and protect privacy.

About Marcum

A top-12 CPA firm specializing in a wide range of risk advisory services such as audit, assessment, attestation, certification, and preparation services. We have offices across the US and globally including China, Ireland, and Grand Caymans. We specialize in performing audits for reporting compliance with multiple frameworks or standards to ensure a unified experience and effort.

About GRSee Consulting | PCI-DSS Auditors

Every growing company needs a competitive edge, and when it comes to payment security the best way to instill trust among your client base is to be compliant with the PCI-DSS standard.


Being in the cybersecurity domain for over a decade, GRSee Consulting's approach & process turns your compliance challenges into ways of building trust & integrity with your customers.


Our goal is to get you PCI-DSS compliant as efficiently as possible by minimizing your PCI scope. Get in touch for an introductory call by clicking get in touch!


About Axipro

Achieve Excellence With AxiPro Consultancy

It’s time to create and improve your organization’s management system. And nobody is more qualified to assist you than Axipro Consultancy. Our team operates on the belief that we can find the right solutions for even the most complex issues and concerns.

Today, success depends on the business partners and advisors you choose to help you address your business needs — whether you’re reviewing policies during gap analysis or developing SOPs for compliance implementation.

Axipro consultancy provides custom assessments and tailored management strategies to keep you on top of any situation.


How You Benefit From Our Services

Your business goals and needs — and the risks you’re facing — are unique. Your situation is different from competitors even though you provide similar products or services.


Axipro Consultancy truly understands this. So when we’re strategizing for you, we are putting ourselves in your shoes and providing you with tailored and customized solutions for your specific needs.

From project management to gap analysis to compliance implementation, we take action based on your circumstances.


Summary of Services

  • SOC 1, 2, 2+, 3 Examinations
  • ISO 27001
  • PCI DSS
  • Risk Advisory
  • HIPAA/HITECH
  • Penetration Testing and Vulnerability Assessments
  • GDPR Services
  • NIST CSF


ISO 27001 Implementation

As the international standard for information security management, ISO 27001 helps your organization protect sensitive information. With our help, you can achieve smooth ISO 27001 implementation and heighten the confidentiality and integrity of your data.


ISO 27001 Internal Audit

Cut through the confusing and sometimes downright complex processes that delay your plans for ISO 27001 certification. Let us help you conduct internal audits and prepare for upcoming compliance audits so you can finally earn and maintain the certification.


HIPAA implementation

Are you still navigating your way through HIPAA and HITRUST? Our team of professionals will walk you through the standards of compliance and help you build a workable and sustainable framework that lets you achieve and maintain compliance standards.


GDPR Implementation

The General Data Protection Regulation (GDPR) is a legal data protection and privacy framework. The EU law regulation extends to individuals who live in the EU and the European Economic Area. Let us help you build a sound GDPR framework.

About 360 Advanced

360 Advanced is a relationship-focused cybersecurity and compliance firm offering integrated compliance solutions customized to meet your business needs. We work with organizations that are seeking to assure data security, privacy, compliance, and processing integrity. Our open communication policy helps to facilitate a more thorough assessment of an organization’s IT security.


About Pease Bell CPAs LLC

“Pease Bell” is a full-service CPA firm, headquartered in Cleveland, OH with offices in Fairlawn, OH and Lakewood, NJ. With over 170 employees, our areas of expertise include information security attestation and consulting (SOC 1, SOC 2, ISO internal audit, GDPR, HIPAA, and others), traditional compliance services (taxation and financial statement assurance), transaction services (buy side diligence and quality of earnings), client accounting services (outsourced bookkeeping, controller, CFO), and more!


Pease Bell's Risk Advisory specialists understand the growing need for IT & IS assurance and compliance services. The Risk Advisory team looks to educate and support our clients; focusing on solution-based practices for clients seeking to comply or in the process of becoming compliant. We carefully dissect each aspect of our clients’ business operations to create a strategic, tailored solution to meet one or many of their compliance needs.


Our goal is to simplify and expedite the compliance reporting process to meet the stringent demands their customers, vendors and governing bodies require.


The Pease Bell Difference

  • Our team is inquisitive and listens very well. We aim to learn about our client's operations and goals before we make any recommendations or offer any guidance.
  • We take a "consultative approach" to auditing. We communicate and translate in consumable language what the compliance requirements are. Through careful planning and execution, we set you up for success, and make sure expectations are clear (all while maintaining our independence of course!)
  • Peer reviewed through the AICPA's Peer Review Program.
  • We have a deep understanding of what Drata offers, and maximize Drata's automation to provide an efficient examination, passing along the cost savings to you, our client.
  • Our team of fully dedicated information security audit leads have each been through hundreds of SOC 2 examinations.
  • Information security attestation is not all that we offer. With over 100 CPAs and accountants, our clients that started with SOC 2 utilize many of our service offerings. Our SOC 2 clients have also used our team for: Corporate Tax Work, Reviewed Financial Statements, M&A Diligence, State Sales and Income Tax Nexus Studies, Outsourced Bookkeeping, Outsourced Controller and CFO Services, and more. We have a small firm feel, with the expertise and network of a large regional firm.

About Schellman

Schellman provides compliance and certification services to clients globally including attest examinations (SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, SOC for Supply Chain, etc.), ISO certifications (ISO 27001, ISO 27701, ISO 9001, ISO 20000, and ISO 22301), PCI assessments, FedRAMP assessments, HITRUST certifications, HIPAA assessments, Penetration Testing services, privacy examinations (GDPR, CCPA, MS DPR, etc.), and several other miscellaneous types of assessments.


Schellman’s motto for more than 20 years is “Quality Above All.” Our more than 400 service delivery professionals average more than 180 completed assessments. Schellman’s work is based on adherence to the highest AICPA quality standards and follows a very thorough methodology to ensure quality and consistency across more than 900 clients. As a result, our reports are confidently relied upon by most of the major banks along with Fortune 500 companies.


Schellman does not pretend to be a “low-cost solution” for SOC 2. We support clients of all sizes but focus on partnering with them as their compliance roadmap takes them from SOC 2 into ISO 27001, and subsequently more industry-focused initiatives like FedRAMP, CMMC, PCI, or HITRUST, where Schellman is a market leader. We also promote the use of technologies, like Drata, to help clients prepare for assessments and provide ongoing continuous compliance.


We invite you to learn more about our services in the resource links as we are open and transparent about our experience as well as scope and pricing considerations.

About Schneider Downs & Co.

Schneider Downs provides System and Organization Controls (SOC) examinations nationally to over 160 clients annually in a variety of industries. Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients' expectations.


The team is composed of more than 75 multidisciplinary professionals experienced in providing audit and attest services, internal audit and risk advisory services, and IT audit services. By integrating diverse, experienced individuals into the SOC examination process, we are able to provide unique and value-added insight to all of our SOC clients. Our team has combined experience working on more than 1,000 SOC examinations and works with clients across the country and world. Our team is well recognized for both its SOC experience and established service model and are leaders in the profession and recognized speakers on SOC reporting requirements regionally and nationally. Key benefits include:

  • Experienced team in reporting on controls at service organizations;
  • Leaders with global project management expertise;
  • Dedicated team that works collaboratively with clients to transfer knowledge;
  • IT leaders experienced in system controls (e.g., NIST, CMMC, COBIT, CSA CSM, HIPAA, HITRUST, PCI and ISO 27001 standards);
  • Approach designed to drive value for our clients and their customers; and
  • Incorporation of our firm’s specialists based on engagement needs.

About RSI Security

We work with some of the world's leading companies, institutions, and governments to ensure the safety of their data and their compliance with applicable regulations.


We also are a security and compliance software ISV and stay at the forefront of innovative tools to save assessment time, streamline compliance, and provide additional safeguard assurance. With a unique blend of software-based automation and managed services, RSI Security assists organizations within highly-regulated industries in managing IT governance, risk management, and compliance (GRC).


We customize and tailor our services to a client’s exact needs. This, combined with being predictive, preventative, and nimble, is what sets us apart from any other organization in our industry.


Our team members come from a wide range of backgrounds and specialties. All consultants come from a computer science, engineering, or information systems discipline, and many consultants have obtained master's and doctorate degrees. Our team members include published authors, open-source developers, industry researchers, and thought leaders.

About BARR Advisory

BARR Advisory is a cloud-based security and compliance solutions provider specializing in cybersecurity consulting and compliance for companies with high-value information in cloud environments like AWS, Microsoft Azure, and Google Cloud Platform. A trusted advisor to some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.

About Securisea

Securisea's security practice leverages our deep expertise in assessing some of the most advanced and complex Cloud Service Providers (CSPs) in the world. Our services include all types of security assurance reviews relevant to cloud SaaS and similar companies including PCI DSS, SOC2, ISO27001, HIPAA/HITRUST, Penetration Testing, FedRAMP/StateRAMP and much more.


Our integrated compliance approach allows us to leverage our client’s existing security controls from other frameworks directly into each assessment, reducing overhead and work duplication. As experts in a wide variety of security control frameworks, we can provide a comprehensive solution for all of your security assessments.

About INTERCERT Inc.

INTERCERT is an international certification institute providing Auditing and Certification services of International repute on various Governance, Risk, and Compliance (GRC) frameworks Worldwide for aligning organizational information technology with business goals, managing risks and fulfils applicable regulations and leading the organizations achieve their goals reliably, remove uncertainty, and meet compliance requirements.


The institution was established in the year 2009 with a group of professionals keen to contribute towards a safe and sustainable world. The INTERCERT group, with its rich experience of 14 years, is delivering excellence through international certifications and trainings across the globe. The INTERCERT auditing team of 125+ auditors possesses experience in a wide range of business scopes across industrial and business sectors and offers its customers compliance assessments and certification services internationally.


INTERCERT is an accredited Management System Certification Body from the Standards Council of Canada (SCC) and United Accreditation Foundation (UAF), United States. We have a team of AICPA registered CPAs for SOC2 services and PCI registered QSAs for PCI DSS.


We provide Assessment & Certification services for:


ISO 27001:2022 - Information Security Management System

ISO 27701:2019 - Privacy Information Management System

ISO 22301:2019 - Business Continuity Management System

ISO 20000-1:2018 - Information Technology Service Management System

PCIDSS - Payment Card Industry Data Security Standard

SOC2 - Service Organization Control Attestation

GDPR - General Data Protection Regulation

HIPAA - Health Insurance Portability and Accountability Act

About ARORA Solutions LLC

Getting You ISO 27001 and HITRUST Ready - Our team evaluates your security compliance controls and sets you up with a roadmap for Certification, Security and Success.


Our Mission

ARORA Solutions is a human-centric auditing and technology company focused on delivering security, health and peace to people and organizations.


We are one of a select few HITRUST Readiness Licensees and have a team of expert ISO Lead Auditors and Management Systems Implementers. ARORA Solutions offers an array of security and compliance services and tools for companies in numerous areas, including health, sustainability, IT, manufacturing, non-profit and business sectors.

  • ISO 27001 Internal Audit and Certification Readiness
  • Drata Compliance Automation Quality Assurance
  • Top Management Coaching and Support for CISOs, CSOs, CIOs and IT Managers
  • Outsourced GRC (Governance, Risk & Compliance) Teams
  • Security-as-a-Service / vCISO
  • HITRUST Readiness Assessments and Remediation Services
  • ISO Management Systems Certification Consulting Support for ISO 27701 (Privacy Information Management Systems), ISO 22301 (Business Continuity Management Systems), and ISO 22000 (Food Safety Management Systems)
  • Virtual Internal Security Audits and Assessments
  • Contract Auditing for Third-Party Certification Bodies
  • Development Consulting and pro-bono work for NGOs, community-based organizations and developing world institutions.  

About AARC-360

AARC-360 is a PCAOB registered firm of Certified Public Accountants and Advisors that combine deep insights gained across industries to provide Assurance, Advisory, Risk, and Compliance services.


Headquartered in Atlanta, Georgia, AARC-360 serves domestic and international companies. Although US-based, we have a global presence with customers across North America, Europe, and Asia.


We advise clients with a complete circle (360º) of assurance, advisory, risk, and compliance services.

About McKonly & Asbury, LLP

Our Cybersecurity Practice provides your organization with an experienced and trusted partner in the continuous battle to counteract the increasing risks. We offer a complete solution in terms of team experience, tools, and business/risk evaluation solutions to offer our clients the best course of action.

About Sentry Assurance

Sentry Assurance’s mission is to provide critical security insights, without disruption. As former “Big 4” auditors we understand that not all audit reports are created equal and audit quality is paramount to the value of the report. That is why we’ve built our audit process from the ground up with acceleration tools like Drata in mind. Our approach allows for minimal disruption while maintaining audit quality, so you can have the best of both worlds.


At Sentry, we focus on four core differentiators that we feel bring value to our clients:


Quality Driven Professionals:

  • Firm leaders have decades of combined experience at PwC, Deloitte, and EY within the IT Audit space.
  • Firm methodology was developed ground-up with this experience and a focus on delivering efficient, effective, and quality assessments to our clients.

Tailored & Agile Approach:

  • We’re committed to minimizing the impact of an audit. We tailor our approach to the environment and acceleration tools, on average reducing client effort during fieldwork by 70% compared to traditional auditors.
  • Our audit reports are flexible. Where you’ve developed differentiating controls, we work to help highlight that within your audit report.

Engaged Leadership:

  • Our Founder & Managing Partner is a current board member of the Ohio Society of CPAs ensuring that Sentry Assurance remains on the cutting edge of audit quality standards.

Holistic Assessment Support:

  • Our team of experts can support you in all of your cybersecurity assessment needs. If you have an audit or compliance need, we have a solution.


Sentry Assurance, LLC. is a registered Certified Public Accounting firm registered in the state of Ohio.

About Copeland Buhl

Copeland Buhl & Company, a 51+ year Twin Cities based CPA firm, offers traditional tax and accounting services along with specialty services in Accounting & ERP support, and information security compliance (SOC 2/HITRUST). Focusing on unique solutions for unique clients, Copeland Buhl builds long-term relationships by providing high quality responsive service to clients. It's not about today’s transaction but planning and building for future success.

About Accorp Partners CPA LLC

Accorp Partners CPA LLC is a California and Montana-based CPA firm. We focus on compliance with SOC, PCI, ISO, HIPAA, HITRUST, GDPR, VAPT, CMMI, and other industry standards to provide comprehensive auditing and assurance solutions.


With a track record of completing over 1000+ attestations globally, our highly experienced team of auditors provides accurate assessments and comprehensive insights.


Our specialized compliance services


SOC Audits: We specialize in SOC audits (SSAE 18) and conduct thorough assessments of your organization's controls and processes, strengthening trust with stakeholders. We have successfully served over 300+ SOC clients in the last fiscal year in various countries.


ISO 27001: Assistance in achieving compliance with tailored services such as gap analysis, policy development, risk assessment, and certification support. We ourselves are also an ISO-certified body.


GDPR: Support complying with the General Data Protection Regulation through impact assessments, development of privacy policy, and ongoing compliance monitoring.


PCI-DSS: Guidance in achieving compliance with the Payment Card Industry Data Security Standard for cardholder data security.


HIPAA: Compliance services for the healthcare and MedTech industries, including risk assessments, policy development, safeguards implementation, and ongoing support.


HITRUST: As a HITRUST External certified assessor, we support achieving compliance with the HITRUST Common Security Framework, including risk assessments and certification guidance.


VAPT: Vulnerability Assessment and Penetration Testing services to identify vulnerabilities.


CMMI: Assistance in adopting the Capability Maturity Model Integration framework for software development and project management excellence.


Our approach


Customized Solutions: Tailored services to address specific requirements and align with business goals.

Proven Methodologies: Utilization of industry-leading methodologies and adherence to recognized standards for reliable results.

Collaborative Partnership: Building trust-based relationships, providing personalized attention and support throughout engagements.


With Accorp Partners, you receive tailored solutions that meet your unique needs and challenges, delivered by industry experts you can trust.

About AssuranceLab

AssuranceLab is your modern cyber security audit partner. Unlock new opportunities and power your international growth with trust. We’ve invested the last five years developing and validating our innovative approach with both trailblazing start-ups and established businesses that needed to invest in trust to go further. In working with us, they’ve unlocked new growth potential and enjoyed the process.


AssuranceLab has created an approach for start-ups (1-100 employees) which provides step-by-step guidance on exactly what is required to meet your SOC 2 compliance goals.


What’s involved?

  • A framework that makes it crystal clear which controls we expect to see
  • A playbook that provides you with a step-by-step guide to achieve your first SOC 2 Type 1 outcome
  • A clear understanding of what’s required to achieve SOC 2 Security, Availability, Confidentiality compliance
  • Automated evidence collection to make the audit process more streamlined
  • An approach aligned to a cloud-based software as a service


We also support a tailored-audit process that supports medium-size to enterprise (101+ employees) companies. This involves a readiness assessment used to create a tailored set of controls, specific to your business that is mapped into Drata. The audit is then conducted in Drata’s Audit Hub.


Our mutual customers use AssuranceLab’s security and compliance accreditations to:

  • Grow revenue globally
  • Improve security and operations
  • Satisfy customer requirements
  • Reduce the friction for enterprise
  • Build trust with stakeholders


Thank you in advance for considering AssuranceLab! Submit a request and we will endeavor to get a meeting scheduled within 24 hours to explore working together. We look forward to speaking with you soon.


About AssurancePoint, LLC

AssurancePoint is a security and compliance audit firm focused on quality service intentionally designed to maximize the value of your security and compliance initiatives. AssurancePoint was founded with a simple mission - A Better Compliance Experience. We have completed hundreds of audits across popular industry security frameworks such as SOC 2, ISO27001, NIST and various regulatory compliance requirements such as HIPAA and GDPR. We leverage that experience to our clients' advantage. We believe an audit doesn't have to be a cost center or check-the-box exercise when it is executed by seasoned experts who focus on adding client value. Invest in a partner who leverages experience to guide you and provide actionable insights into improving your posture, all while executing on a tailored and customized audit designed to tell your unique story. We learn your drivers and objectives to establish a streamlined examination, reduced audit burden, and business-aligned reporting. Don't spend your hard earned money on an audit firm just going through the motions. Invest in security and compliance as a differentiator to maximize the return to your business and unlock growth.


About Consilium Labs

Consilium Labs works as a trust enabler between you and your clients by getting you ISO 27001 Certification with a seamless process. Consilium Labs helps you achieve ISO 27001 certification without complications while saving time and cost.

About Insight Assurance

Insight Assurance is a U.S.-based CPA (SOC 1, SOC 2, and SOC 3), Certification Body (ISO 27001), and PCI-DSS QSA firm founded by former Big-4 professionals (Former EY) looking to simplify the world of IT compliance. With over 20 years of professional experience working with hundreds of organizations from startups to Fortune 500 companies on a variety of engagements, the team at Insight Assurance partners with organizations looking to meet their organizational and compliance goals using technology and compliance automation software.


We provide the following services:


  • SOC 1, SOC 2, SOC 2+, and SOC 3 Examinations
  • ISO/IEC 27001 Certifications
  • ISO 27017 (Cloud Security) and 27018 (Cloud Privacy)
  • ISO 27701
  • PCI DSS Assessments
  • HIPAA/HITECH Security Assessments
  • Penetration Testing and Vulnerability Assessments
  • General Data Protection Regulation (GDPR) Services
  • Privacy Assessments based on International and State laws
  • NIST CSF Cybersecurity Assessments


Insight Assurance Differentiators

  • Founded by former EY (Ernst & Young) professionals.
  • Cost-Effective and Efficient quality audits.
  • We are able to certify/examine your organization across several frameworks
  • We leverage 100% of Drata for our audits.
  • We serve clients across the globe and can accommodate all time zones.
  • We have a strong reputation with small, medium, and large companies.
  • We offer flexible payment terms.
  • We offer a dedicated Slack channel.

About Dansa D'Arata Soucia LLP

"DDS" is a full service CPA firm, located in downtown Buffalo, New York servicing clients all around the continental United States and abroad. We pride ourselves on attracting top talent to make sure our clients are always getting the "A" team. Our areas of expertise include information security attestation and consulting (SOC 1, SOC 2, ISO internal audit, GDPR, HIPAA, and others), traditional compliance services (taxation and financial statement assurance), business valuations, mergers & acquisitions (buy and sell side diligence and sale positioning), client accounting services (outsourced bookkeeping, controller, CFO), and more!


THE DDS DIFFERENCE

+ Peer reviewed through the AICPA's Peer Review Program.

+ We have often been referred to as "the friendly auditors". We have a job to do, but that does not mean we need to make your life difficult. Through careful planning and execution, we set you up for success, and make sure expectations are clear (all while maintaining our independence of course!)

+ We have a deep understanding of what Drata offers, and maximize Drata's automation to provide an efficient examination, passing along the cost savings to you, our client.

+ Our team of fully dedicated information security audit leads have each been through hundreds of SOC 2 examinations.

+ DDS issues approximately 200 SOC 2 examinations annually and we continue to add to our team to make sure turnaround time, and responsiveness remains best in class.

+ We take the time to understand your business. Through our information gathering process we can make sure we price our services correctly and competitively. No surprises allowed.

+ Information security attestation is not all that we offer. Our firm of 40+ CPAs and accountants has grown many of our clients that have started with SOC 2 into clients that utilize many of our service offerings. Our SOC 2 clients have also used our team for: Corporate Tax Work, Reviewed Financial Statements, M&A Diligence, State Sales and Income Tax Nexus Studies, Outsourced Bookkeeping, Outsourced Controller and CFO Services, and more. We have a small firm feel, with the expertise and network of a large regional firm.


We look forward to having a conversation with you to answer any and all concerns and to find ways to make your lives simpler, and your businesses more successful.


About MJD Advisors, LLC

MJD Advisors was founded in 2021 with a simple idea - information security compliance doesn't need to be complex, stressful, or unpredictable. Our clients are masters of their domain and deserve a partner that shares their passion and expertise. We work with brilliant business leaders who value our ability to move at their pace and provide a solution-focused approach, adding value by focusing on their concerns.


We believe SOC 2 complexity is optional. Our solution is a boutique firm that blends niche expertise, purpose-built tools, and a modern perspective that removes the friction of traditional approaches to compliance. We’ve designed an agile and iterative approach to the service that allows us to run at our clients’ speed by leveraging technology, project management, and common sense to enhance audit quality and the client experience.


Our talented team is full of certifications (CPAs, CISSPs, CISAs, CCs, and more), but that is only part of the story. MJD offers translators, guides, and creators who bring different perspectives and a culture of ongoing learning, open-mindedness, and clear communication. We are a CPA firm, a technology company, and a group of people who have curated specific skills geared to help clients solve problems and reimagine compliance.

About Sensiba LLP

Sensiba LLP provides comprehensive tax, audit, and consulting services and combines a national footprint with deep expertise and relationships throughout Silicon Valley to serve clients worldwide.  

The companies we serve span software, SaaS, Big Data, fintech, networking, hardware, energy, health care, and life sciences such as biotech and medical devices. Because of this, we're uniquely adept at auditing systems that leverage cloud-based infrastructure such as AWS, Google Cloud, and Microsoft Azure.  

Our experience and understanding within the technology industry allows us to offer what most larger firms can't — competitive flat fee rates, quick turnaround times, and the ability to conduct your audit remotely without hourly billing, long wait times, or lengthy onsite visits.  

Our goal is to make your SOC 2 audit as straightforward as possible, and to support you with a flexible and practical approach that addresses your concerns in a cost-effective manner.  

We hope you'll allow us to show you why hundreds of technology companies have chosen to work with SSF.  


Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Cryptocurrency
  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Spanish
  • French
  • Portuguese

Additional Services Offered

  • Penetration Testing
  • Privacy Assessments

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • CCPA
  • CMMC
  • CPRA
  • FedRAMP
  • FISMA
  • GDPR
  • GDPR Article 27 Representative
  • HIPAA
  • HITRUST
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Partner Powered Frameworks

  • HIPAA+NIST
  • HITRUST
  • ISO 22301
  • ISO 42001
  • SWIFT
  • TXRAMP

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Finance and Insurance
  • Privacy
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Eastern Europe

Supported Languages

  • English
  • Hindi

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • CCPA
  • GDPR
  • HIPAA
  • Microsoft SSPA

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Privacy
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Asia
  • Australia

Supported Languages

  • English
  • Hindi
  • Mandarin Chinese

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • ISO 27701
  • CCPA
  • COBIT
  • GDPR
  • HIPAA
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Resources

AICPA Releases Updated SOC 2 Guidance

Ideal Client Size

  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Construction
  • Cryptocurrency
  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States

Supported Languages

  • English

Additional Services Offered

  • Penetration Testing
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • CMMC
  • COBIT
  • FFIEC
  • FISMA
  • HIPAA
  • HITRUST
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Resources

Positioning Your Cybersecurity Program for Success

Understanding and Enhancing the Values of ISO/IEC 27001 Internal Audit

Maximizing the Benefits of Your SOC 2 Audit

Why your cloud services need the CSA STAR Registry listing

Appraising Operating Effectiveness of Controls for Your SOC 1 or 2 Audit

Step up Your GDPR Compliance Program

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Regions Covered

  • United States

Supported Languages

  • English

Additional Services Offered

  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • CCPA
  • CMMC
  • GDPR
  • HIPAA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171

Resources

Understanding controls assurance reporting

Building cyber resilience

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • Australia

Supported Languages

  • English

Additional Services Offered

  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • COBIT
  • GDPR
  • Microsoft SSPA
  • SOX ITGC

Ideal Client Size

  • SMB (1-300 FTE)

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English

Frameworks Supported

  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • Cyber Essentials

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • Asia
  • Australia

Supported Languages

  • English
  • Hindi
  • Mandarin Chinese

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2022
  • ISO 27001 - Internal
  • PCI
  • GDPR

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Regions Covered

  • United States
  • Canada
  • United Kingdom

Supported Languages

  • English
  • Hindi
  • Standard Arabic

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • FISMA
  • HIPAA
  • NIST 800-53

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Manufacturing
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • Western Europe
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • GDPR
  • HIPAA
  • Microsoft SSPA
  • NIST CSF
  • SOX ITGC

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Australia
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27701
  • HIPAA
  • Microsoft SSPA
  • SOX ITGC

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Construction
  • Cryptocurrency
  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Eastern Europe

Supported Languages

  • English
  • Spanish
  • German
  • Portuguese

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • GDPR
  • GDPR Article 27 Representative
  • HIPAA

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Privacy
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • Western Europe

Supported Languages

  • English

Additional Services Offered

  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • HIPAA
  • Microsoft SSPA

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • HIPAA
  • NIST CSF
  • SOX ITGC

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Privacy
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Asia
  • Australia

Supported Languages

  • English
  • Hindi

Additional Services Offered

  • Privacy Assessments

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • GDPR
  • HIPAA
  • Microsoft SSPA
  • SOX ITGC

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Mexico

Supported Languages

  • English
  • Spanish
  • French

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • ISO 27001 - Internal
  • PCI
  • CCPA
  • CMMC
  • FFIEC
  • FISMA
  • GDPR
  • HIPAA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Construction
  • Cryptocurrency
  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Spanish

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • CCPA
  • CMMC
  • COBIT
  • CPRA
  • FFIEC
  • FISMA
  • GDPR
  • HIPAA
  • HITRUST
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Retail
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Western Europe
  • Asia

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • PCI

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Construction
  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Hindi

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • CCPA
  • CMMC
  • COBIT
  • CPRA
  • FedRAMP
  • FFIEC
  • FISMA
  • GDPR
  • HIPAA
  • HITRUST
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC
  • Cyber Essentials

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • SaaS
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Australia
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • PCI
  • CCPA
  • CMMC
  • GDPR
  • HIPAA
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171

Resources

Pease Bell CPAs SOC 2 Timeline & FAQs

Pease Bell CPAs Risk Advisory Services Webpage

Ideal Client Size

  • SMB (1-300 FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Australia
  • Caribbean
  • Central America
  • South America
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • CCPA
  • CPRA
  • GDPR
  • HIPAA

Resources

What Does a SOC Audit Cost?

How Long Will Your SOC Examination Take?

Iron Mountain Uses a Single Assessor for Agile Expansion

Lumen Leverages Strategic Alignment Under One Assessor

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Cryptocurrency
  • Finance and Insurance
  • Government
  • Healthcare
  • Privacy
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • Penetration Testing
  • Privacy Assessments

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27701
  • PCI
  • CCPA
  • CMMC
  • CPRA
  • FedRAMP
  • FISMA
  • GDPR
  • HIPAA
  • HITRUST
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171

Resources

SOC Report FAQs

SOC Report Our Thoughts On Articles

SOC Report Case Studies

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Construction
  • Cryptocurrency
  • Finance and Insurance
  • Healthcare
  • Manufacturing
  • Privacy
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Australia

Supported Languages

  • English

Additional Services Offered

  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • PCI
  • CMMC
  • FFIEC
  • GDPR
  • HIPAA
  • HITRUST
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Ideal Client Size

  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • Manufacturing
  • Privacy
  • Technology

Regions Covered

  • United States
  • Canada

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27701
  • PCI
  • CCPA
  • CMMC
  • CPRA
  • FedRAMP
  • FISMA
  • GDPR
  • GDPR Article 27 Representative
  • HIPAA
  • HITRUST
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • Cyber Essentials

Resources

How to Establish Your Vision and Gain Cybersecurity Traction

Cybersecurity During Uncertain Times

How to Use Cybersecurity KPIs

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Spanish

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • GDPR
  • HIPAA
  • HITRUST
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171

Resources

SOC2

PCI

Penetration Testing

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • CCPA
  • CMMC
  • COBIT
  • CPRA
  • FedRAMP
  • FFIEC
  • FISMA
  • GDPR
  • GDPR Article 27 Representative
  • HIPAA
  • HITRUST
  • NIST CSF
  • NIST 800-53
  • NIST 800-171

Resources

ISO 27001 Certification

ISO 27701 Certification

ISO 22301 Certification

SOC2

PCIDSS

GDPR

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Central America
  • South America
  • Eastern Europe

Supported Languages

  • English

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27701
  • PCI
  • COBIT
  • GDPR
  • HIPAA

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Construction
  • Cryptocurrency
  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • ISO 27001 - Internal
  • CCPA
  • GDPR
  • HIPAA
  • HITRUST
  • NIST CSF
  • NIST 800-53

Resources

What's New for SOC 1 Reports in 2023

Critical Updates to SOC 2 Examinations: Impact on your 2023 Report

SOC 2 CC6: Common Criteria related to Logical and Physical Access

Which SOC Examination to Choose

Neil Gonsalves - Founder & CEO

Joseph Thorin - Associate Manager

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Hospitality
  • Privacy
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Spanish
  • Hindi
  • Mandarin Chinese
  • Portuguese

Additional Services Offered

  • Penetration Testing

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • PCI
  • FedRAMP
  • FISMA
  • HIPAA
  • HITRUST
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Privacy
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Asia
  • Australia
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Mandarin Chinese

Additional Services Offered

  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • FISMA
  • HIPAA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Resources

Matt Drewyor

Jake Nix

Michelle Bazzy

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Government
  • Healthcare
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Penetration Testing
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • CCPA
  • CMMC
  • CPRA
  • FISMA
  • GDPR
  • HIPAA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Resources

Acumatica ERP Partner

Copeland Buhl Audit Services

SOC 2 & HITRUST

Example SOC-2 Report

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Construction
  • Finance and Insurance
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • SaaS
  • Technology

Regions Covered

  • United States

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • HIPAA
  • HITRUST
  • NIST CSF
  • NIST 800-53

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Privacy
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Spanish
  • French
  • Hindi
  • Portuguese

Additional Services Offered

  • Penetration Testing
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27001 - Internal
  • ISO 27701
  • PCI
  • CCPA
  • CMMC
  • GDPR
  • GDPR Article 27 Representative
  • HIPAA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • Cyber Essentials

Resources

Livepro Case Study

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Cryptocurrency
  • Finance and Insurance
  • Healthcare
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Mandarin Chinese

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • CCPA
  • GDPR
  • HIPAA

Resources

SOC 2 - Overview

SOC 1 - Do You Need One?

SOC for Cybersecurity

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Privacy
  • Real Estate
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Australia
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • CISO Advisory
  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • CCPA
  • FISMA
  • GDPR
  • HIPAA
  • NIST CSF
  • NIST 800-53

Resources

Get In Touch

Industry Specialization

  • Government
  • Healthcare
  • Hospitality
  • Retail
  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Asia
  • Australia
  • Central America
  • South America
  • Eastern Europe

Supported Languages

  • English

Additional Services Offered

  • Penetration Testing

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27701

Resources

Jesus Jimenez - Partner (Former EY)

Felipe Saboya - Partner (Former EY and BDO)

Natan Bradbury - Senior Manager (Former A-LIGN)

Adam Glover - Senior Manager (Former Cherry Bekaert)

Ricardo Romanach - Senior Manager (Former EY)

Marco Carvallo - Manager (Former A-LIGN)

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Construction
  • Cryptocurrency
  • Finance and Insurance
  • Government
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Mexico
  • Eastern Europe

Supported Languages

  • English
  • Spanish

Additional Services Offered

  • Penetration Testing
  • Privacy Assessments

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27701
  • PCI
  • CCPA
  • COBIT
  • CPRA
  • GDPR
  • HIPAA
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC

Resources

SOC 2 Timeline and FAQs

Whitepaper - ISO27001

Whitepaper - Auditor Selection

Whitepaper - We have our SOC 2 report, now what?

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)

Industry Specialization

  • Construction
  • Finance and Insurance
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa

Supported Languages

  • English

Additional Services Offered

  • Privacy Assessments
  • Risk Advisory

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001 - Internal
  • CCPA
  • GDPR
  • HIPAA
  • NIST CSF

Resources

What are the keys to success with SOC 2 Reporting?

How do I communicate my new SOC 2 report?

What controls are required for SOC 2 reports?

How do I know what categories to choose for my SOC 2 report?

What's required after my first SOC 2® report?

Ideal Client Size

  • SMB (1-300 FTE)

Industry Specialization

  • SaaS
  • Start-ups
  • Technology

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • Africa
  • Australia
  • Caribbean
  • Central America
  • South America

Supported Languages

  • English

Additional Services Offered

  • Penetration Testing

Frameworks Supported

  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001 - Internal
  • HIPAA

Resources

EPK SOC 2 Case Study

5 Things to do Prior to a SOC Audit

Improving Cloud Security Controls Before a SOC 2 Audit

SOC 2 & Risk Management Guide

Ideal Client Size

  • SMB (1-300 FTE)
  • Mid Market (301-1,000 FTE)
  • Enterprise (1,000+ FTE)

Industry Specialization

  • Finance and Insurance
  • Healthcare
  • Hospitality
  • Manufacturing
  • Privacy
  • Real Estate
  • Retail
  • SaaS
  • Start-ups
  • Technology
  • Transportation

Regions Covered

  • United States
  • Canada
  • United Kingdom
  • Western Europe
  • India
  • Africa
  • Asia
  • Australia
  • Caribbean
  • Central America
  • South America
  • Eastern Europe

Supported Languages

  • English

Frameworks Supported

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1
  • SOC 2 Type 2
  • ISO 27001
  • ISO 27001:2022
  • COBIT
  • GDPR
  • HIPAA
  • Microsoft SSPA
  • NIST CSF
  • NIST 800-53
  • NIST 800-171
  • SOX ITGC