Get Started
Which SOC report do you need?
Answer five quick questions to get a clear recommendation. Then see what the engagement process looks like from start to finish.
Question 1 of 5
Does your service process, store, or transmit data that appears on your clients' financial statements?
This is the threshold question. SSAE 18 applies when a service organization's controls could affect what clients report on their financial statements.
Your recommendation
Get your personalized summary
We'll email you a tailored action plan based on your answers — plus what to prepare before a scoping call.
Summary sent. Check your inbox shortly.
Your next three steps
-
1
Understand what the audit covers
Review what a SOC 1 report contains and how Type 1 vs. Type 2 affects your timeline and cost.
Read the guide → -
2
Check your control readiness
The 2026 checklist covers the five control areas most commonly tested. Know where you stand before the call.
Get the checklist → -
3
Book your 15-minute scoping call
A quick call confirms your scope, timeline, and cost range. No sales pressure, no obligation to engage.
Schedule now →
What the engagement looks like
From first call to final report, here's the typical SOC 1 engagement process at Sage Audits.
Discovery and Scoping
1-2 weeksWe learn about your business, identify the services in scope, and define the control objectives relevant to your clients' financial reporting. This is also where we discuss whether a Type 1 or Type 2 makes more sense for your situation.
Readiness Assessment
2-4 weeks (optional)A gap analysis to identify control weaknesses before the formal examination begins. This step is optional but often saves time and prevents surprises. We give you a clear picture of what needs to be in place before we start testing.
Examination
Varies by scopeWe test your controls against the defined objectives. For a Type 2, this covers an observation period of typically 6-12 months. We work with your team to gather evidence and document the results of each test.
Report Delivery
2-4 weeks after fieldworkWe issue a clear, professionally written SOC 1 report that you can share with clients and their auditors. The report includes the auditor's opinion, system description, control objectives, and test results (for Type 2).
Ongoing Support
AnnualSOC 1 audits are annual. We help you prepare for the next cycle and address any findings from the current report. Continuity with the same audit team makes each subsequent year faster and more efficient.