Since the introduction of Sarbanes-Oxley in 2002, many companies with SEC-registered customers are required to have SSAE16 (SOC1) examinations. In addition, SSAE16 reports are being required by many user organizations that outsource to service providers.
Personalized Service For Individuals & Businesses
SSAE16 / SOC Reports
At Hancock & Dana, we specialize in SSAE16 examinations with a process that is customized for each client to efficiently highlight internal controls, processes, values and integrity.
At Hancock & Dana, we offer Readiness Assessments as well as SOC1, SOC2 and SOC3 examinations.
- Readiness Assessments – Designed to assess a service organization’s preparedness for a SSAE 16 examination. Identifies controls the service organization should either implement or improve before having a SSAE 16 examination.
- SOC1 – Report on controls at a service organization that may be relevant to a user entity’s internal control over financial reporting. A type 1 report focuses on a description of the system and on the suitability of the design of its controls as of a specific date. A type 2 report contains the same opinions with the addition of an opinion on the operating effectiveness of the controls throughout the specified period.
- SOC2 – Report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. Similar to SOC1 in that a type 1 or type 2 report is available.
- SOC3 – Report that covers the same subject matter as SOC2, but does not include a description of the service auditor’s test of controls and results. The description of the system is less detailed than the SOC2 report.
Browse Our Services
“Hancock & Dana’s professionals are proactive – they truly care and have made a significant difference in helping me accomplish my goals.”