SSAE 18 & System and Organization Control (SOC) Reports

Your customers want assurance. We can help.

Innovations in technology and the reliance on third-party servicing have increased the need for service organizations to obtain System and Organization Controls (SOC) reports to provide assurance to their customers that their data is safe and the related service commitments are met. That’s where we come in.

Let's Talk
Practice Lead

Patrick Morin


Pat specializes in information technology controls, data extraction and analysis, financial institutions, Sarbanes-Oxley Act, and AICPA’s SOC for Service Organizations (SOC 1® and SOC 2®).

Patrick Morin

Nationally recognized SOC experts

Service organizations that provide outsourcing of certain business processes, functions, and systems need to be able to provide assurance to their clients, particularly healthcare and financial services providers.

We have years of experience developing SSAE-18 SOC 1 and SOC 2 reports. In fact, our practice leader Patrick Morin authored the AICPA’s Introduction to SOC Auditing, and earned the AICPA’s Advanced SOC for Service Organizations Certification.

How we can help

  • SSAE 18
  • System and Organization Control Reports (SOC 1)
  • System and Organization Control Reports (SOC 2)

What our clients are saying

As always, BNN makes this process as painless as possible. I view BNN not as
just our auditing firm, but as a valued partner in helping us establish the appropriate
controls and processes to ensure we operate in the best interest of our clients.

We look forward to partnering with you.