Focusing on Controls Related to the Trust Services Principles

SOC 2, Type 1: Have You Planned Adequate Controls?

An effective SOC 2 examination should do more than deliver assurance to your clients that you handle their data properly—it should improve your business’ ability to do so.

A SOC 2, Type 1 examination is an important step toward providing the assurance that you and your clients need. The SOC 2, Type 1 examines the description you have provided of the internal controls in your system, and it measures that description against one or more of the AICPA’s Trust Service Principles – Security, Availability, Process Integrity, Confidentiality, Privacy. It serves as a stepping-stone for the SOC 2, Type 2 that examines whether or not your system of controls actually functions as described.

Through the Hein SOC Readiness Assessment, we work with our clients to help them understand what controls need to be in place to earn a favorable SOC 2 examination and identify any gaps between their current controls and the desired system.

CONTACT US to find out what your organization needs to do to prepare for a SOC 2, Type 1 examination.

SOC 2, Type 2: Evaluating the Effectiveness of Your Operational Controls

For most of your clients, it is not enough to know that you have described a system that should keep their information safe. They want an added degree of confidence that your controls are actually operating effectively over a particular period of time. That is the assurance they get from a SOC 2, Type 2 opinion.

When your clients count on you for services that involve their sensitive data, a SOC 2, Type 2 report provides them with an objective, third-party look at the controls you provide to secure that data. The SOC 2, Type 2 examination measures the operation of your controls against the Trust Services Principles set forth by the AICPA, and it provides your clients with a description of the tests that the independent accountant performs and the results of those tests.

If your clients require third-party assurance of the operating effectiveness of the controls you have in place to protect their information, contact the independent auditors at Hein to find out how we can help you provide that assurance through a SOC 2, Type 2 report.

To prepare for a SOC 2 report Hein can help a Service organization prepare for its formal SOC audit by performing a Readiness Assessment.

See How We Can Help With Our Readiness Assessment

Why Hein?

  • Service organization reporting standards expertise
  • Efficient, effective and practical solutions for all size companies
  • Responsiveness and communication
  • Strong mutual relationships
  • Service auditor quality of service
  • Certified Privacy professionals
  • Practical templates and tools so clients can quickly prepare for SOC audits
  • Broad client base across most industries to leverage experience
  • Strong cloud services IT and security experience


Please contact for more information or call 877-554-7735.