Independent SOC 1 audits under SSAE 18, by a licensed CPA firm.

Book a free scoping call
Get started

Which SOC report do you need?

Answer five quick questions to get a clear recommendation. Then see what the engagement process looks like from start to finish.

SOC 1 vs. SOC 2 quiz

Question 1 of 5

Does your service process, store, or transmit data that appears on your clients' financial statements?

This is the threshold question. SSAE 18 applies when a service organization's controls could affect what clients report on their financial statements.

Prefer to read instead? SOC 1 vs SOC 2 on the Sage Audits blog

The engagement

What the engagement looks like

From first call to final report, here's the typical SOC 1 engagement process at Sage Audits.

1

Discovery and scoping

1–2 weeks

We learn about your business, identify the services in scope, and define the control objectives relevant to your clients' financial reporting. This is also where we discuss whether a Type 1 or Type 2 makes more sense for your situation.

2

Readiness assessment

2–4 weeks, optional

A gap analysis to identify control weaknesses before the formal examination begins. Optional, but it often saves time and prevents surprises. You get a clear picture of what needs to be in place before testing starts.

3

Examination

Varies by scope

We test your controls against the defined objectives. For a Type 2, this covers an observation period of typically 6 to 12 months, with phased testing across the period instead of a year-end evidence dump.

4

Report delivery

2–4 weeks after fieldwork

We issue a clear, professionally written SOC 1 report that you can share with clients and their auditors. The report includes the auditor's opinion, system description, control objectives, and test results (for Type 2).

5

Ongoing support

Annual

SOC 1 audits are annual. We help you prepare for the next cycle and address any findings from the current report. Continuity with the same auditor makes each subsequent year faster.

Get a scoping estimate