Make A Payment
Client Portal
Contact us
Contact us

What are the differences between a SOC for Cybersecurity examination and a SOC 2 examination?

AUDIT, CYBERSECURITY, SOC 2
Share with a colleague Download PDF

The following list highlights some of the key differences between a SOC for Cybersecurity report and a SOC 2 report.

PURPOSE

SOC for Cybersecurity:
 To provide intended users with useful information about an entity’s cybersecurity risk
management program, so that users may make informed decisions. 

SOC 2:
To provide a broad range of system users with information about controls at the service organization relevant to
security, availability, processing integrity, confidentiality and/or privacy to support users’ evaluations of their own systems
of internal control.

INTENDED USERS

SOC for Cybersecurity:
Management, directors, analysts, investors, and others whose decisions might be affected by
the effectiveness of the entity’s cybersecurity risk management program.

SOC 2:
Management of the service organization and other specified parties with sufficient knowledge and understanding
of the service organization and its system.

GENERAL/RESTRICTED USE

SOC for Cybersecurity:
Appropriate for general use; however, the practitioner can restrict the report to specified parties,
if necessary.

SOC 2:
Restricted to user entity personnel and specified parties.

CONTROL CRITERIA

SOC for Cybersecurity:
The 2017 Trust Services Criteria are considered suitable criteria; however, other information
security control frameworks such as NIST’s Cybersecurity Framework, ISO 27001, and HITRUST may also be considered
suitable control criteria.

SOC 2:
The 2017 Trust Services Criteria for security, availability, processing integrity, confidentiality and privacy are the
only control criteria that can be used although additional criteria/frameworks may be included.

CONTENTS OF THE REPORT

The SOC for Cybersecurity report and the SOC 2 report includes the same sections with the exception of the description
of the service auditor’s tests of controls and results of the tests. The SOC for Cybersecurity report does not contain this
section.

About Schneider Downs
SOC Services 

Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started or view more SOC FAQ’s at www.schneiderdowns.com/soc-report-faq

 

Related Posts

No related posts.

Share

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2025 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

Our Thoughts On

Understanding Donated Space Under Accounting Standards Codification 842
Our Thoughts On Our Thoughts On

Understanding Donated Space Under Accounting Standards Codification 842

Audit, Lease Accounting
01.14.2025
Why Buyer Value Creation Matters for Sellers
Our Thoughts On Our Thoughts On

Why Buyer Value Creation Matters for Sellers

SD Capital
, 01.13.2025
IRS Releases six annual revenue procedures for 2025
Our Thoughts On Our Thoughts On

IRS Releases six annual revenue procedures for 2025

Internal Revenue Service, Not-for-Profit
01.09.2025
New Pennsylvania Department of State Filing Requirement - Annual Report Filing Beginning January 2025
Our Thoughts On Our Thoughts On

New Pennsylvania Department of State Filing Requirement - Annual Report Filing Beginning January 2025

Tax
, 01.08.2025
Value of Outsourced Accounting Services
Our Thoughts On Our Thoughts On

Value of Outsourced Accounting Services

Emerging Technology, Managed Accounting
01.08.2025

Get the weekly newsletter with our most recent columns and relevant insights to you.

Subscribe for Updates
Most Recent

Understanding Donated Space Under Accounting Standards Codification 842

By

Accounting for leases has undergone significant changes with the introduction of Accounting Standard Codification (ASC) 842. Under ASC 842, right-of-use ...

Read More
Most Popular

Understanding Donated Space Under Accounting Standards Codification 842

By

Accounting for leases has undergone significant changes with the introduction of Accounting Standard Codification (ASC) 842. Under ASC 842, right-of-use ...

Read More

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.
Ask Us
Subscribe For Updates

Receive all the latest insights and industry tips.

This field is for validation purposes and should be left unchanged.
Email us: [email protected]
Follow Us:
Facebook-f Linkedin-in

Office Locations

Pittsburgh

One PPG Place,
Suite 1700
Pittsburgh, PA 15222

p:
412.261.3644
f:
412.261.4876
Columbus

65 East State Street,
Suite 2000
Columbus, OH 43215

p:
614.621.4060
f:
614.621.4062
Metropolitan Washington

1660 International Drive,
Suite 600
McLean, VA 22102

p:
571.380.9003

Links

Inside Public Accounting Best of the Best 2024
Accounting Today Top 100 2024
Accounting Today Regional Leaders
Best Of Accounting Diamond Award

Schneider Downs is a Top 60 independent Certified Public Accounting (CPA) firm providing accounting, tax, audit and business advisory services to public and private companies, not-for-profit organizations and global companies. We also offer Internal Audit; Technology Consulting; Software Solutions; Personal Financial Services; Retirement Plan Solutions and Corporate Finance Services. Schneider Downs is the 13th largest accounting firm in the Mid-Atlantic region and serves individuals and companies in Pennsylvania (PA), Ohio (OH), West Virginia (WV), New York (NY), Maryland (MD), and additional states in the United States with offices in Pittsburgh, PA, Columbus, OH, and McLean, VA.

© 2024 Schneider Downs & Co., Inc. Maryland license number 35239.

Subscribe for updates!

Get the latest articles on various interest areas related to our current work.

Subscribe

Breached?

Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.