How SOCR Works


We offer an interactive audit status dashboard that provides you with a comprehensive overview of your audit. You can see at a glance where your audit stands, and quickly drill down into the details of any finding.

Control Details

Receive automated notifications for requests that match your specified criteria.


Check and edit all the given evidence and submit it to the auditor.

Key Capabilities

  1. Standardized Compliance Request

    With our unique approach to evidence collection, we compare common security frameworks and create one request to address multiple criteria. This reduces the total number of requests required from each additional audit, saving you time and money.

  2. Centralized Evidence Collection

    Speed up your work by reducing the time needed to analyse data.

  3. Consolidated Audit Dashboard

    Reduces the time required to compile Audit Reports.

  4. Audit Consolidation & Crosswalk

    Get a complete view of your security posture. Compliance support for ISO 27001, NIST, PCI DSS, HIPAA, and GDPR.


It covers Cyber controls as expressed by a company's organization-wide cyber risk management program.


Controls to address information systems around 5 trust service criteria, namely security, availability, confidentiality, privacy and processing integrity.

ISAE 3000 / ISAE 3402

This is the International assurance standard describing the SOC engagements.



CSAE 3000 / CSAE 3416

This is the Canadian standard that addresses the audit engagement undertaken by a service auditor to report on the controls of organizations that provide services to user entities.

Type-1 / Type-2

A Type 1 report attests to the suitability of the controls being used, while a Type 2 report contains an opinion regarding the operating effectiveness of those controls over the audit period.

Looking for an Experienced Auditor?

With a lot of experience in compliance, we are the right solution for your business!

  • Kick off Deck
  • Project plan (Timelines and detailed deliverables based on identified objectives)
  • Perform gap analysis for identified objectives, SOC controls and risks, and provide solutions for identified gaps
  • Control design and documentation
  • Perform testing and share final issue log
  • Draft SOC Report
  • Final SOC report


In the current scenario of emerging technologies, most organizations outsource some aspects of their business to vendors, which can include either performing a specific task or replacing an entire business function. Vendors can handle various functions such as customer support, financial technology, data storage and software development. Alongside these advantages, organizations should also consider the various inherent risks associated with outsourcing.

Frequently Asked Questions

SOC 1 financial reporting controls
  1. Financial services – Custodial services
  2. Healthcare claims processing
  3. Payroll processing
  4. Payment Processing
  1. Cloud ERP service
  2. Data center colocation
  3. IT systems management

SOC 2/SOC 3 operational controls

  1. Enterprise cloud e-mail
  2. Cloud collaboration
  3. Software-as-a-service (SaaS)-based HR services
  4. SaaS enterprise system housing third-party data
  5. Any service where topics such as security, availability, and privacy are areas of concern

Domain, Trust Services Principle and Applicability

Security
  Trust Services Principle: Under this trust service principle, the SOC-audited IT systems and business services are protected against unauthorized access, both physical and logical.
  Applicability:
  1. Most commonly requested area of coverage
  2. Security Criteria are also incorporated into the other Principles because security controls provide a foundation for the other domains
  3. Applicable to all outsourced environments, particularly where enterprise users require assurance regarding the service provider’s security controls for any system, nonfinancial or financial

Availability
  Trust Services Principle: This trust service principle ensures that the IT and business systems are available for operation and provide services as committed or agreed with the client and relevant stakeholders.
  Applicability:
  1. Second most commonly requested area of coverage, particularly where disaster recovery is provided as part of the standard service offering
  2. Most applicable where enterprise users require assurance regarding processes to achieve system availability SLAs as well as disaster recovery which cannot be covered as part of SAS 70 or SOC 1 reports

Confidentiality
  Trust Services Principle: This trust service principle addresses that information designated as confidential is protected adequately, as committed or agreed by the stakeholders.
  Applicability:
  1. Most applicable where the user requires additional assurance regarding the service provider’s practices for protecting sensitive business information

Processing Integrity
  Trust Services Principle: This trust service principle addresses that system processing is complete, accurate, timely and authorized.
  Applicability:
  1. Potentially applicable for a wide variety of non-financial and financial scenarios wherever assurance is required as to the completeness, accuracy, timeliness, and authorization of system processing

Privacy
  Trust Services Principle: This trust service principle ensures that personal information is adequately collected, stored, used, disclosed and purged in compliance with the commitments in the user entity’s privacy notice and with the criteria set forth in generally accepted privacy principles in accordance with AICPA.
  Applicability:
  1. Most applicable where the service provider interacts directly with end users, and gathers their personal information
  2. Provides a strong mechanism for demonstrating the effectiveness of controls for a privacy program

Audit Preparation

  • Define audit scope, and overall project time line
  • Identify existing or required controls through discussions with management, and review of available documentation
  • Perform readiness review to identify gaps requiring management attention
  • Communicate prioritized recommendations to address any identified gaps
  • Hold working sessions to discuss alternatives, and remediation plans
  • Verify that gaps have been closed before beginning the formal audit phase
  • Determine the most effective audit, and reporting approach to address the service provider’s external requirements

Audit

  • Provide overall project plan
  • Complete advance data collection before on-site work to accelerate the audit process
  • Conduct on-site meetings, and testing
  • Complete off-site analysis of collected information
  • Conduct weekly reporting of project status, and any identified issues
  • Provide a draft report for management review, and electronic, and hard copies of the final report
  • Provide an internal report for management containing any overall observations, and recommendations for consideration

A SOC 2 Type 1 audit report covers the procedures and controls in place at a particular point in time. It is generally a design-of-controls report, which evaluates the design of the controls put into operation at that point in time. A SOC 2 Type 2 audit report covers the operating effectiveness of the controls throughout a declared time period, between 6 months and one year. It provides the highest level of assurance to all customers and clients.

SOC 2 preparation usually happens in a few stages. First, your company should identify all “key systems” and perform a gap analysis against all requirements documented in the Trust Services Principles and Criteria. Next, existing security controls should be identified and policies and procedures should be written to meet all requirements. This can take anywhere from a few weeks to up to 6 months, depending on the size and maturity of your company. At this point you are ready for the SOC 1 Type I audit. A SOC 2 Type II audit is typically performed 6 months later.

Traditional SAS 70 SOC 1 SOC 2 SOC 3
Auditor’s Opinion Auditor’s Opinion Auditor’s Opinion Auditor’s Opinion
- Auditor’s Opinion Management Assertion Management Assertion
Assertion System Description (including controls) System Description (including controls) System Description (including controls) System Description (including controls)
Control objectives Control objectives Criteria Criteria (referenced)
Control activities Control activities Control activities -
Tests of operating effectiveness Tests of operating effectiveness Tests of operating effectiveness -
Results of tests Results of tests Results of tests -
Other Information (if applicable) Other Information (if applicable) Other Information (if applicable) -
Streamlined Audit Process :-

Clients make numerous requests to service organisations to share the details of their internal policies and controls. In between these requests, service organisations also receive requests to audit the service organisation. Sharing a single, comprehensive control report with their clients helps service organisations in:

  1. Reducing the time spent internally in assisting and responding to multiple auditor requests.
  2. Providing an independent and standardized report which is readily provided to assist clients.
Regulatory Necessity :-

Organizations, when scrutinized by their regulators, are asked to show evidence of how they manage the risks and controls related to third-party service providers. Take, for example, third-party management, which was the subject of the Financial Services Authority’s recent “Dear CEO” letter. In our experience, the SOC report is the most demanded requirement because of its diligence process.

Competitive Advantage :-

A SOC report focuses on the details of the services provided, along with the policies, procedures and controls that the service organization has in place. Demand for SOC reports is increasing rapidly, and having independent assurance over their systems gives firms a competitive advantage.

Requirement for a Parent Company :-

A parent company asks for a SOC report as evidence of whether a control environment is in place. The type of report, Type 1 or Type 2, is specified by the client when requesting it.


Our Team

Sanyam Goel

Mayank K.

Matthew P

Vikas Jhunjhunwala



This Stream includes all of our Case Studies Flipbooks

  • Sitrion Case Study

    SOC Audit Case Study for a Payroll Process

    Many organizations have asked this question: what is a SOC 1 report?

  • Sitrion Case Study

    ABC Ltd - SOC 2 Readiness Assessment Case Study

    ABC Ltd provides hosted platforms services using secure and reliable cloud technologies...

  • Sitrion Case Study

    SOC Case Study for SAAS company

    Accorp performed SOC 1 and SOC 2 audits for Simplain Software Solutions LLC. This was the first time that Simplain was going for a SOC audit, and hence they wanted us to perform a readiness assessment of the control environment. During the readiness assessment, some gaps in Simplain’s information security policies and procedures were identified, and a few recommendations were given to improve the IT processes for domains such as incident management, service request management, etc.

Applicable Standards

Canadian only
  • SOC 1: CSAE 3000 and CSAE 3416
  • SOC 2/3 and SOC for cyber: CSAE 3000

Canadian and U.S.
  • SOC 1: Canadian: CSAE 3416 and CSAE 3000; U.S.: AT-C Sections 105, 205 and 320
  • SOC 2/3 and SOC for cyber: Canadian: CSAE 3000; U.S.: AT-C Sections 105 and 205

Canadian and International
  • SOC 1: Canadian: CSAE 3416 and CSAE 3000; International: ISAE 3000 and ISAE 3402
  • SOC 2/3 and SOC for cyber: Canadian: CSAE 3000; International: ISAE 3000

Canadian, U.S. and International
  • SOC 1: Canadian: CSAE 3000 and CSAE 3416; U.S.: AT-C Sections 105, 205 and 320; International: ISAE 3000 and ISAE 3402
  • SOC 2/3 and SOC for cyber: Canadian: CSAE 3000; U.S.: AT-C Sections 105 and 205; International: ISAE 3000

Our industry specialization

Our years of experience across industries run deep, while we keep a constant lookout for what's next. See what we deliver in your sector.





Information Technology