SOC2 Compliance Services


User entities and organizations want reporting that provides assurance on controls over operations and compliance, rather than just on controls over financial reporting. The AICPA created a framework to enable a broader type of third party attestation reporting on controls at service organizations beyond merely financial reporting. This framework is the Service Organization Control (SOC) reporting framework. The SOC framework has 3 different reporting options: SOC1, SOC2, and SOC3.

Some Facts

Firewall Invasions - 66%
Patching Vulnerabilities - 80%
External Hacking - 55%

SOC 2 reports are appropriate for engagements to report on controls at a service organization related to the Trust Service Principles, defined by the AICPA in TSP Section 100. The Trust Service Principles are:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

SOC 2 engagements are performed in accordance with AT section 101, Attestation Engagements, using guidance in the AICPA Guide, Reporting on Controls at the Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy.


Unlike PCI DSS, which has very rigid requirements, SOC 2 reports are unique to each organization.

Read more


Determining exactly which service offering(s) you want to make compliant

Read more


Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it's worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment. Following are ten benefits:

Read more


What is the purpose of a SOC 2 audit?

Read more


Read more

What Our Customers Say?

Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.