Main Menu

Experience Meets Process to Conduct Every Examination

The HORNE Cyber team provides SSAE 18/SOC reports in a wide range of industries. HORNE Cyber leverages cybersecurity expertise and CPA discipline to provide a unique approach to helping organizations complete SOC 1 (Type 1 and 2), SOC 2 (Type 1 and 2), SOC 3, and SOC for Cybersecurity examinations.

SOC 1, 2, and 3 Examinations

SOC 1 reports are intended to meet the needs of an organization’s management and auditors as they evaluate the effect of controls on their financial statement assertions. SOC 1 reports are important components of an organization’s evaluation of their internal controls over financial reporting for purposes of compliance with laws and regulations such as the Sarbanes-Oxley Act.

The SOC 1 Type 1 report focuses on the fairness of the presentation of management’s description of the organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

The SOC 1 Type 2 report focuses on the fairness of the presentation of management’s description of the organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

SOC 2 reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy.

SOC 2 reports are intended for use by the organization’s stakeholders such as customers, regulators, business partners, suppliers and directors of the service organization. These reports serve to form an important part of stakeholders':

  • Oversight of the organization
  • Vendor management program
  • Internal corporate governance and risk management processes
  • Regulatory oversight

The SOC 2 Type 1 report focuses on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

The SOC 2 Type 2 report focuses on the fairness of the presentation of management’s description of the organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

SOC 3 reports are designed to meet the needs of users who need assurance on the controls at a service organization related to security, availability, processing integrity, confidentiality, or privacy but do not have the need for or the knowledge necessary to make effective use of a SOC 2 report. Because SOC 3 reports are general use reports, they can be freely distributed.

SOC for Cybersecurity

The AICPA recently released guidelines for the SOC for Cybersecurity. This examination provides organizations with a framework for communicating about the effectiveness of their cybersecurity risk management program to build trust and confidence. A SOC for Cybersecurity will not only provide you with useful information for decision-making about your cybersecurity risk management program, but also help you communicate the level of security you are providing to your client’s for their peace of mind.

Through our SOC for Cybersecurity service, we will perform an examination of management’s description of the cybersecurity program for your operations. This process involves performing a readiness assessment of your cybersecurity program along with performing a cybersecurity risk assessment using the established NIST framework. This process will help you to answer three main questions: (1) What are our risks? (2) How are we addressing cybersecurity? (3) How are we communicating security to our clients? The SOC for Cybersecurity will: 

  • Provide a third party, independent and objective look at your cyber program
  • Promote transparency, accountability and focus
  • Enhance board and executive understanding of cyber risks
  • Uncover IT risk areas

Learn more about these benefits by visiting our SOC for Cybersecurity page. 

Learn More

Build trust and confidence with your customers, partners, and board of directors using the SOC for Cybersecurity. 

Learn More