Certified Public Accountants
& Business Consultants

Third Party Assurance & Cyber Attest:
SOC 1 & SOC 2 Services


Excellent client service doesn’t stop with great service…it’s about trust.


In today’s world, it is standard operating practice for businesses to outsource certain tasks or functions to trusted third parties who can provide specialized services. RubinBrown has contributed to the evolution of SOC reporting. We are driven to help service organizations "audit once and report many."


Help is Here

RubinBrown is here to help you navigate efficiently and with leading edge insight. Organizations will receive:

  • The ability to report to many with one report
  • A simple process to select what reporting is best for you and your clients
  • An easy approach to readiness assessments
  • Timely and clear assessments, such as SOC 1, SOC 2, SOC 2+, SOC for Cyber Risk Management or other independent assessments
  • Transparency in the market for control strength


Our Value Proposition

RubinBrown helps organizations communicate risks and controls with their clients. We provide:

  • Identification of enhancement opportunities through pre-engagement assessments
  • Comfort for your client with SOC 1/SOC 2 or other SOC engagements
  • Customer ready communications
  • Ease client requests with formal attestation


So when do you need a SOC report?

  • You’ve been asked to provide a client (or future client) comfort on your controls / security.
  • A client requires a SOC 1/SOC 2 or other SOC report.
  • A future client is requiring an independent assessment related to the Cloud Control Matrix, HITRUST, ISO 27001, NIST 800-53 or another regulation or framework.
  • Your security team is spending too much time filling out security questionnaires.
  • Your compliance office, finance or internal control groups are spending too much time filling out control questionnaires.


Did you know?

We also provide vendor management services.

See the latest Trust Services Criteria for SOC2, SOC3, SOC for Cyber Risk Management and/or consulting services by viewing the Trust Services Criteria document the AICPA website.

Description Criteria for a Description of a Service Organization's System in a SOC2 Report

Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program



Each SOC report serves a distinct purpose:


Team Expertise

RubinBrown's Audrey Katcher has over 20 years of IT audit and service organization control experience. She currently serves on the AICPA Information Technology Executive Committee and the AICPA Data Integrity Committee. Audrey's participation on these key AICPA committees provides clients the most current perspective the profession has on the new System and Organization Control (SOC) standards and audit guidelines.

Rob Rudloff has more than 20 years of information security experience on security reviews, mitigation, strategy and architecture development. Rob is a Certified Information Systems Security Professional, Information Systems Security Management Professional, Certified Cloud Security Professional and a Project Management Professional.

RubinBrown professionals maintain a current working knowledge of the new standards and are ready to help your organization.

RubinBrown is a PCAOB registered accounting firm with an experienced team who have led and performed many SOC engagements.