HITRUST June 2025 Newsletter
Get a risk-based approach that considers your industry and operations, the complexity of your control environment, and the needs of your SOC report users.
SOC reporting is one of the most well-established and accepted third-party assurance reporting options. Whether you are working toward your first SOC exam or have been issuing reports for years, a high-quality SOC report helps build confidence and reflects key areas of your business, industry, and technology environment. Our team has extensive SOC experience and understands that every business is different, so we create a customized SOC examination plan that can work best for your needs.
We can look broadly at all of your organization’s reporting needs and provide multiple solutions to help reduce audit fatigue, minimize disruptions, and restore valuable time.
Plus, our Crowe Secure Information Exchange gives you a simple, secure, and streamlined way to view real-time status, identify action items, and communicate with us during your Crowe engagement.
We have extensive experience providing the following types of SOC reporting services and can help you refine your SOC strategy.
Readiness assessment
Whether you’re preparing for your first SOC examination or making significant changes to your in-scope environment, a readiness assessment helps you define scope and – most importantly – identify and address any issues before a formal examination.
SOC 1 report
A SOC 1 report focuses on how your internal controls affect your customers’ internal control over financial reporting (ICFR) and is primarily intended to support your customers’ financial statement audits. A SOC 1 report is most relevant for services involving clients’ financial transactions or reporting.
SOC 2 report
A SOC 2 report evaluates how you manage and protect data based on the American Institute of CPAs Trust Services Criteria. A SOC 2 report is applicable to any service and any type of data and is designed to address one or more of the following areas: security, availability, confidentiality, processing integrity, and privacy.
SOC 2+ report
A SOC 2+ report builds on a standard SOC 2 report by incorporating additional control requirements, such as those in National Institute of Standards and Technology (NIST) standards or the Health Insurance Portability and Accountability Act (HIPAA). It’s useful for addressing multiple compliance obligations or showcasing alignment with industry standards within a single report.
Readiness assessment
Whether you’re preparing for your first SOC examination or making significant changes to your in-scope environment, a readiness assessment helps you define scope and – most importantly – identify and address any issues before a formal examination.
SOC 1 report
A SOC 1 report focuses on how your internal controls affect your customers’ internal control over financial reporting (ICFR) and is primarily intended to support your customers’ financial statement audits. A SOC 1 report is most relevant for services involving clients’ financial transactions or reporting.
SOC 2 report
A SOC 2 report evaluates how you manage and protect data based on the American Institute of CPAs Trust Services Criteria. A SOC 2 report is applicable to any service and any type of data and is designed to address one or more of the following areas: security, availability, confidentiality, processing integrity, and privacy.
SOC 2+ report
A SOC 2+ report builds on a standard SOC 2 report by incorporating additional control requirements, such as those in National Institute of Standards and Technology (NIST) standards or the Health Insurance Portability and Accountability Act (HIPAA). It’s useful for addressing multiple compliance obligations or showcasing alignment with industry standards within a single report.
SOC 3 report
A SOC 3 report provides high-level assurance based on the same trust services criteria as a SOC 2 report but without disclosing detailed control information. A SOC 3 report is well suited for sharing with prospects and supporting marketing and sales efforts.
SOC for Cybersecurity report
A SOC for Cybersecurity report evaluates the effectiveness of your cybersecurity risk management program. In contrast with a SOC 2 report’s focus on specific services and customer information, a SOC for Cybersecurity report offers a broader view of how your organization manages cybersecurity threats at the enterprise level.
Custom controls examination
A custom controls examination provides an independent opinion on your controls, similar to a SOC report but with added flexibility related to the control areas. This allows organizations to focus on specific industry frameworks (similar to a SOC 2+ but without requiring the SOC 2 trust services criteria) or to address unique contractual requirements related to areas like security or processing.
SOC 3 report
A SOC 3 report provides high-level assurance based on the same trust services criteria as a SOC 2 report but without disclosing detailed control information. A SOC 3 report is well suited for sharing with prospects and supporting marketing and sales efforts.
SOC for Cybersecurity report
A SOC for Cybersecurity report evaluates the effectiveness of your cybersecurity risk management program. In contrast with a SOC 2 report’s focus on specific services and customer information, a SOC for Cybersecurity report offers a broader view of how your organization manages cybersecurity threats at the enterprise level.
Custom controls examination
A custom controls examination provides an independent opinion on your controls, similar to a SOC report but with added flexibility related to the control areas. This allows organizations to focus on specific industry frameworks (similar to a SOC 2+ but without requiring the SOC 2 trust services criteria) or to address unique contractual requirements related to areas like security or processing.
HITRUST June 2025 Newsletter
HITRUST April 2025 Quarterly Newsletter
Upgrading and refining your SOC 2 report: FAQ
Which SOC report is right for you?
AI Security Assessments With HITRUST: FAQ
Our deep specialization in SOC reporting spans a variety of industries, offering you the expertise you need to create an on-time, comprehensive SOC report.
Reach out to our team today to see how we can build a custom SOC reporting plan for your business.