Your customers want assurance. We can help.

SSAE 18 & System and Organization Control (SOC) Reports

Innovations in technology and the reliance on third-party servicing have increased the need for service organizations to obtain System and Organization Controls (SOC) reports to provide assurance to their customers that their data is safe and the related service commitments are met. That’s where we come in.

Nationally recognized SOC specialists

Service organizations that provide outsourcing of certain business processes, functions, and systems need to be able to provide assurance to their clients, particularly healthcare and financial services providers.

We have years of experience developing SSAE-18, SOC 1, and SOC 2 reports. In fact, our practice leader Patrick Morin authored the AICPA’s Introduction to SOC Auditing, and earned the AICPA’s Advanced SOC for Service Organizations Certification.

How we can help

Engagement quality review
Readiness assessments
SSAE 18
System and Organization Control Reports 1 – A SOC 1 report evaluates the effectiveness of a service organization’s controls over a user entity’s financial statement assertions.
System and Organization Control Reports 2 – A SOC 2 report provides detail over the controls at a service organization as they relate to security, availability, processing integrity, confidentiality or privacy.
System and Organization Control Reports 3 – A SOC 3 report is a trust service examination report, which addresses the same subject areas as a SOC 2 report, but in a shortened version. This report can be used in a service organization’s promotional efforts and on its website.
SOC for Cybersecurity
SOC for Supply Chain

Wondering what SOC report is right for your company? Download our guide to get started.

Get the Guide

Practice Lead

Patrick Morin

Principal

Pat specializes in AICPA’s SOC for Service Organizations (SOC 1® and SOC 2®), Sarbanes-Oxley Act, information technology controls, and data extraction and analysis. Pat also leads the firm’s ESG-related services, assisting clients with ESG planning and reporting efforts.

Meet Pat

Featured Piece By Patrick Morin

Service businesses we work with

Collection agencies
Third-party service providers
Payment processors
Trust companies
Managed service providers
Software-as-a-Service and cloud technology providers

How can BNN help your business?

Check out our case studies to learn more.

What our clients are saying

"Our BNN auditor is the best! They know our environment, know me, and is very collaborative and pragmatic. They do what needs to be done in a way that maximizes the value we get from our SOC audits."

Related insights

Assurance

Key Characteristics and Attributes of a Strong Internal Control Environment

Assurance

What the New National AI Framework Means for Your Business

Assurance

Key Considerations for SOX Compliance

View All Posts

We look forward to partnering with you.

Get in touch

SSAE 18 & System and Organization Control (SOC) Reports

Nationally recognized SOC specialists

How we can help

Wondering what SOC report is right for your company? Download our guide to get started.

Patrick Morin

Service businesses we work with

How can BNN help your business?

What our clients are saying

Related insights

Key Characteristics and Attributes of a Strong Internal Control Environment

What the New National AI Framework Means for Your Business

Key Considerations for SOX Compliance

We look forward to partnering with you.

HLB International Releases Global Annual Review 2025

BNN wins Excellence in Client Experience Award from Client Savvy

BNN partners with NetSuite on system optimizations for ReVision Energy

SSAE 18 & System and Organization Control (SOC) Reports

Nationally recognized SOC specialists

How we can help

Wondering what SOC report is right for your company? Download our guide to get started.

Patrick Morin

Service businesses we work with

How can BNN help your business?

Related services

IT General Controls Reviews & Assessments

Environmental, Social, and Governance Services

Audits, Reviews, and Financial Reporting Services

Business and Technology Advisory Services

What our clients are saying

Related insights

Key Characteristics and Attributes of a Strong Internal Control Environment

What the New National AI Framework Means for Your Business

Key Considerations for SOX Compliance

We look forward to partnering with you.