Every year, Schellman & Company, LLC performs thousands SOC examinations, which has given us exposure to a wide range of system architectures, control implementations, and organizational structures.

At Schellman & Company, LLC, we view our relationships with clients as strategic and long lasting, and we take pride in extending our value beyond just delivering compliance assessments and reports. With our extensive depth and breadth of experience, we provide insightful observations and valuable insights on various external factors, such as technology industry strategies and relevant trends in the marketplace. This enables us to deliver solutions that not only meet compliance needs but also help our clients stay ahead of the curve in an ever-evolving cyber security landscape.

Services We Provide

• SOC 1 - For many organizations, their financial statements will be the only story told regarding the performance of their business. SOC 1 reporting helps those organizations gain trust that their outsourced business partners are also doing their part to protect the organization’s financial reporting processes, or internal controls over financial reporting (ICFR). Schellman & Company, LLC can perform readiness assessments, Type 1, and Type 2 examinations.

• SOC 2 - A SOC 2 examination can help you communicate assurances to your customers regarding your controls as they relate to the 5 trust service categories: security, availability, processing integrity, confidentiality, and/or privacy. During a SOC 2 examination, our auditors will assess your controls against the established criteria as laid out by the American Institute of Certified Public Accountants (AICPA) for the category (or categories) that you choose to include. Schellman & Company, LLC can perform readiness assessments, Type 1, and Type 2 examinations.

• SOC 3 – Similar to a SOC 2, a SOC 3 report can assist your organization in communicating your posture as it pertains to the trust service categories as pre-established by the AICPA. A SOC 3 report is a brief report that can be publicly distributed, on a website for example, to provide your customers and potential customers an independent examination of the organization’s security controls. Schellman & Company, LLC can perform a readiness assessment or a Type 2 examination for SOC 3.

• SOC for Supply Chain - The SOC for Supply Chain report provides a direct option for organizations that previously relied on vendor questionnaire responses because service provider assessment reports (SOC 1, SOC 2, SOC 3, many PCI ROCs, etc.) were unavailable for use by suppliers.

• SOC for Cybersecurity - SOC for Cybersecurity reports are designed to help organizations communicate meaningful information about the effectiveness of their cybersecurity risk management program and controls, in the form of a CPA firm’s independent attestation report. SOC for Cybersecurity report users may include senior management, boards of directors, analysts, investors and business partners.