Main Menu

Experience Meets Process to Conduct Every Examination

The HORNE Cyber team provides SSAE 16/SOC reports in a wide range of industries. HORNE Cyber leverages cybersecurity expertise and CPA discipline to provide a unique approach to helping organizations complete SOC 1 (Type 1 and 2), SOC 2 (Type 1 and 2), and SOC 3 examinations.

SOC Examinations

SOC 1 reports are intended to meet the needs of an organization’s management and auditors as they evaluate the effect of controls on their financial statement assertions. SOC 1 reports are important components of an organization’s evaluation of their internal controls over financial reporting for purposes of compliance with laws and regulations such as the Sarbanes-Oxley Act.

The SOC 1 Type 1 report focuses on the fairness of the presentation of management’s description of the organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

The SOC 1 Type 2 report focuses on the fairness of the presentation of management’s description of the organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

SOC 2 reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy.

SOC 2 reports are intended for use by the organization’s stakeholders such as customers, regulators, business partners, suppliers and directors of the service organization. These reports serve to form an important part of stakeholders':

  • Oversight of the organization
  • Vendor management program
  • Internal corporate governance and risk management processes
  • Regulatory oversight

The SOC 2 Type 1 report focuses on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

The SOC 2 Type 2 report focuses on the fairness of the presentation of management’s description of the organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

SOC 3 reports are designed to meet the needs of users who need assurance on the controls at a service organization related to security, availability, processing integrity, confidentiality, or privacy but do not have the need for or the knowledge necessary to make effective use of a SOC 2 report. Because SOC 3 reports are general use reports, they can be freely distributed.

HORNE Cyber leverages cybersecurity expertise and CPA discipline to provide a unique approach to helping organizations stay compliant.