You are here

Our Experience

SOC reports from your organization assist your customers in complying with the financial audit or regulatory requirements they must adhere to (SOX, GLBA, HIPAA, FFIEC) and provide assurance that your organization has sound internal control practices. Additionally, Companies interested in targeting certain verticals like finance or health care should know that they will encounter high expectations for their internal controls. Potential customers in these industries may be unwilling to consider vendors that do not meet the SOC standards. 

Whether you are a healthcare IT firm with SOC and HIPAA regulatory concerns or a SaaS provider being inundated with lengthy security questionnaires, Wolf & Company can help you find the correct SOC report for your needs.

The use of each report varies based on the product or service you provide to your customers:

SOC 1: Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting

This report is important for the evaluation of internal controls over financial reporting and will be used in the audit of your customer’s financial statements. The SOC 1 aligns most closely with the old SAS 70 and is also known as a SSAE 18 - formerly known as SSAE 16

SOC 2: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

This report is important for the evaluation of internal control over areas pertaining to security, availability, processing integrity, confidentiality or privacy. The SOC 2 will help your customers satisfy their vendor management, business continuity or regulatory requirements.


This report creates efficiencies and cost savings by utilizing the mapping between the HITRUST Common Security Framework and the AICPA’s Trust Services Principles and Criteria. It leverages the HITRUST CSF controls as part of the SOC 2.

SOC for Cybersecurity

This report utilizes the AICPA’s Cybersecurity Risk Management Reporting Framework to evaluate an organization’s ability to manage cybersecurity threats. The SOC for Cybersecurity will give your customers confidence that your organization has effective controls in place to detect, respond to, mitigate and recover from breaches and other security events.

 AICPA Badge - SOC Reports

Our Approach

At Wolf, our professionals include healthcare and financial regulatory audit as well as information security experts to help you provide the most suitable report for your customer’s needs. Wolf’s team maintains the industry-relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information System Security Personnel (CISSP), Certified Common Security Framework Practitioner (CCSFP), and Certified Public Accountant (CPA). This level of experience and our depth of knowledge in multiple industries can ensure that you provide the highest level of assurance to your customers.