Your Checklist for Your System and Organization Controls Audit

SOC 1 and SOC 2 readiness efforts commonly require six months to a year of work. Most companies require consultants to avoid the many landmines buried in the industry’s often opaque and esoteric SOC audit guidance. Depending on the company’s needs, a consultant can provide a range of services to include:

  • Preparing the description of the system.
  • Preparing the risk and control matrix.
  • Performing a gap analysis and providing related recommendations.
  • Assisting with implementing corrective actions.

Submit the form to the right to get your checklist to getting started on a SOC Audit without a consultant.

SOC Audit 101 Guide

Your Checklist for Your System and Organization Controls Audit

Is Your Customer Data Secure?

Virginia Data Center – SOC 2 Experience

Keiter CPAs works with data centers in Richmond and across Virginia conducting SOC 2 examinations. We work with enterprise, colocation facilities, hyperscale, edge and other data centers. Our team has years of experience conducting SOC 2 examinations and understand the common risk factors, areas of exposure, and critical testing variables. The result is not only a SOC 2 audit report but also best practices and other insights to strengthen your IT environment.

SOC 2 Report Services

  • SOC 2 Type 1 – This audit reports on management’s description of a service organization’s system of internal controls and the suitability of the design. It does not generally involve sample testing to demonstrate controls functioned effectively over a period. It is commonly used when a service organization needs a report in a short period of time, it’s the first time going through the process, or for marketing purposes.
  • SOC 2 Type 2- A Type II audit provides the same assurances in a Type I audit, but also includes assurance over the operating effectiveness of internal controls. Unlike the Type I, the Type II provides assurances that internal controls operated effectively over a period of time, typically no shorter than six months. The Type II audit is preferred by most service organizations because it generally satisfies its user organization and user organization auditor’s requirements.
  • Readiness Services – Who better to help you prepare for a SOC audit than SOC auditors? Our team leverages years of SOC audit experience to help you identify and remediate control gaps and weaknesses.

Virginia Data Centers

The state of Virginia is the largest data center market and is home to 150 of the known hyperscale data centers globally. The combination of strong investment in fiber optics and other pioneering technologies, including robust tax incentives, has made Northern Virginia the destination for data center location.


Contact Us