Service Organization Control (SOC) Audits

Baltimore business owners need to ensure sensitive data is protected, especially when it comes to financial and identification information (i.e. social security numbers) of customers.  Ensuring the company has robust internal controls and cybersecurity policies and practices in place to protect against a breach is essential. In fact, many may expect to see a Service Organization Control (SOC) Audit report before doing business with a company. This audit verifies that the tools, processes and procedures have been tested and are effective. Some may desire a SOC 1 audit, while others will obtain more value from a SOC 2 audit or SOC 3 audit. Whatever the desired level of assurance, it’s important to work with an experienced provider to drive the process.


AICPA Cybersecurity Advisory Services CertificateOur experienced cyber risk professionals have been performing IT audits and risk assessments for 15 years, and unlike standard IT providers, as CPAs and consultants, we have an intimate understanding of your organization’s unique processes and operations. You can rely on us for complete cybersecurity services and solutions tailored to your risk profile and network.

Baltimore SOC Audits

PBMares offers a SOC Audit services including:

  • SOC 1 Audits – The reports assure your clients that internal controls are secure. These audits focus on your organization’s business processes and IT controls. Any that are likely to be relevant to an audit of your customers’ financial statements are documented in the report. There are two types of SOC reports: Type 1 reports test the design of your organization’s controls. Type 2 reports test whether your controls are properly designed and implemented.
  • SOC 2 Audits – These reports concentrate on five Trust Services Principles: security, availability, processing integrity, confidentiality and privacy. SOC 2’s requirements allow data providers to decide how they want to meet the criteria. This flexibility means SOC 2 reports are unique to each company.
  • SOC 3 Audits – Similar to SOC 2 reports in that they examine the same five Trust Services Principles, the results of the audit are publicly available.
  • SOC Readiness Assessments – These assessments provide an overview of your organization’s preparedness for a successful SOC 1, 2, 3 or Cybersecurity audit.

Why are SOC Audits Critical for Baltimore Companies?

The increasing threat of cyber security violations and incidents require Maryland business owners to carefully assess their risk profile. Below is key information to consider, including:

Threats are increasing as demonstrated by this trend analysis showing the type of threats faced and frequency of usage.

The method used to perpetrate cyber crimes varies but according to the graph below the use of stolen credentials appears to be on the rise.

Source: Verizon 2019 Data Breach Investigations Report

Contact Our Maryland SOC Auditors

PBMares provides SOC 1, SOC 2, SOC 3 audits and readiness assessments to companies in Baltimore and across Maryland. If you are interested in learning how we can assist your organization, contact us and a team member will follow up with you promptly.


Antonina K. McAvoy, CISA, CISM, QSA, PCIP

Partner, Cybersecurity & Risk Advisory Services