Get a Quote

SOC 2 Audits – San Francisco (CA)

SOC 2 Examinations

San Francisco and California business owners need to ensure sensitive data is protected, especially when it comes to the financial and personal identification information (e.g. social security numbers) of customers and clients. Ensuring there are robust internal controls and cybersecurity policies and practices in place to protect against a breach is essential. Increasingly, many clients and customers are asking their vendors for a Systems Organization Control (SOC 2) Audit Report as a condition for doing business with them, or, in the case of contract renewals, continuing these relationships. A SOC 2 Report is an opinion on the effectiveness and design of an organization’s internal controls that meet the AICPA Trust Services Criteria. In essence, it is a statement verifying the effectiveness of an organization’s risk management efforts to protect the information of its customers and clients.

San Francisco SOC 2 Audits

McKonly & Asbury provides SOC audits to companies in San Francisco, California and beyond. Typically, we work with organizations that use or store sensitive financial and personal data that cybercriminals want. Our clients include data centers, loan servicing companies, insurance companies, medical claims processors, and payroll providers. Broadly, any organization that provides services to customers that directly impact the customer’s financial statements would be a candidate for such a report. Service organizations should evaluate their needs along with their customers’ reporting needs prior to determining the type of SOC report that applies to their needs. There are two types of SOC 2 audits:

• SOC 2 Type I – A SOC 2 Type I report is an opinion on management’s description of a service organization’s system and the suitability of their design of controls that meet the AICPA’s Trust Service Criteria for Security. It can also address Availability, Processing Integrity, Confidentiality, and/or Privacy, depending on your customers’ requirements. The report is made up of the auditor’s opinion, management’s assertion on the presentation and design of the controls, a description of the service organization’s systems and controls, and a listing of the organization’s controls. The SOC 2 Type I audit report differs from the SOC Type II in that the former covers ONLY the suitability of the design and addresses ONLY at one specific point in time.
• SOC 2 Type II – A SOC 2 Type II report is an opinion on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls that meet the AICPA’s Trust Service Criteria for Security. Similar to a SOC 2 Type I, this report can also address Availability, Processing Integrity, Confidentiality, and/or Privacy, depending on your customers’ requirements. A SOC 2 Type II audit report contains the same core components as a Type I, but Type II is expanded to include the procedures used by the auditor to test the stated controls and the results of such tests over a defined period rather than a single point in time.

Additional Healthcare Solutions

McKonly & Asbury also has extensive experience with HIPAA regulations. Learn more about how we can support your security and privacy needs on our HIPAA Compliance page.

At McKonly & Asbury, we understand the unique challenges and responsibilities facing internationally owned companies operating within the United States. Our SOC audit services—ranging from SOC 1 and SOC 2 to SOC 3 and SOC for Cybersecurity—are tailored to support the needs of these businesses, providing scalable, efficient, and actionable solutions that help you stay secure, compliant, and trusted in today’s complex digital environment.

About San Francisco (CA)

San Francisco’s business scene is a mosaic of sectors that reflect the city’s evolution and forward-thinking mindset. The tech industry, with Silicon Valley at its heart, has propelled the city to international prominence. From the birth of the personal computer to the rise of cutting-edge startups, San Francisco continues to push the boundaries of technological advancement.

Yet, the city’s business community extends far beyond tech. Finance, tourism, healthcare, and creative industries also play pivotal roles, creating a multifaceted ecosystem that drives economic growth. The iconic Golden Gate Bridge stands as a metaphor for the city itself—a bridge connecting different sectors and cultures.

In the midst of this bustling landscape, networking and collaboration are the cornerstones of San Francisco’s success. Tech giants, small startups, and local businesses alike gather at events, co-working spaces, and incubators, nurturing a sense of community that encourages cross-pollination of ideas.

Education also thrives, with esteemed institutions like the University of California, San Francisco, and Stanford University contributing to research, talent, and intellectual capital that fuels innovation.

McKonly & Asbury provides SOC 2 reports to companies across the US including those located in Atlanta (GA), Boise (ID), Boston (MA), Charlotte (NC), Cleveland (OH), Dallas (TX), Des Moines (IA), Detroit (MI), Houston (TX), Indianapolis (IN), Miami (FL), Minneapolis (MN), Nashville (TN), Orlando (FL), Omaha (NE), Phoenix (AZ), Portland (OR), Richmond (VA), San Diego (CA), Seattle (WA), and Tulsa (OK).