Certified Public Accountants
& Business Consultants

Third Party Assurance & Cyber Attest:
SOC 1 & SOC 2 Services


Excellent client service doesn’t stop with great service…it’s about trust.


In today’s world, it is standard operating practice for businesses to outsource certain tasks or functions to trusted third parties who can provide specialized services. RubinBrown has contributed to the evolution of SOC reporting. We are driven to help service organizations "audit once and report many."


Help is Here

RubinBrown is here to help you navigate efficiently and with leading edge insight. Service organizations will receive:

  • The ability to report to many with one report
  • A simple process to select what reporting is best for you and your clients
  • An easy approach to readiness assessments
  • Timely and clear assessments, such as SOC 1, SOC 2, SOC 2+ or other independent assessments
  • Transparency in the market for control strength


Our Service Organization Value Proposition

RubinBrown helps service organizations communicate risks and controls with their clients. We provide:

  • Identification of enhancement opportunities through pre-engagement assessments
  • Comfort for your client with SOC 1/SOC 2 engagements
  • Customer ready communications
  • Ease client requests with formal attestation


So when do you need a SOC report?

  • You’ve been asked to provide a client (or future client) comfort on your controls / security.

  • A client requires a SOC 1/SOC 2 report.

  • A future client is requiring an independent assessment related to the Cloud Control Matrix, HITRUST, COBIT5, COSO 2013 Framework, ISO 27001, NIST 800-53 or another regulation or framework.

  • Your security team is spending too much time filling out security questionnaires.

  • Your compliance office, finance or internal control groups are spending too much time filling out control questionnaires.


Did you know?

We also provide vendor management services.

There are new trust principles for SOC 2. Click here for more information.

There are new mappings for service organizations to address additional criteria or subject matter (click here to find out more). Potential areas of coverage include:

  • Internal control for financial reporting
  • Security
  • Confidentiality
  • Availability
  • Processing integrity
  • Privacy
  • Cloud Control Matrix
  • COBIT5
  • COSO 2013 Framework
  • ISO 27001
  • NIST 800-53



Each SOC report serves a distinct purpose:


Team Expertise

RubinBrown's Audrey Katcher has over 20 years of IT audit and service organization control experience. She currently serves on the AICPA Information Technology Executive Committee and the AICPA Data Integrity Committee. Audrey's participation on these key AICPA committees provides clients the most current perspective the profession has on the new Service Organization Control standards and audit guidelines.

Rob Rudloff has more than 20 years of information security experience on security reviews, mitigation, strategy and architecture development. Rob is a Certified Information Systems Security Professional, Information Systems Security Management Professional, Certified Cloud Security Professional and a Project Management Professional.

RubinBrown professionals maintain a current working knowledge of the new standards and are ready to help your organization.

RubinBrown is a PCAOB registered accounting firm with an experienced team who have led and performed many SOC engagements.