SOC 2 Audits: SOC 2 audits are audits of internal controls of a service organization in accordance with the AICPA Guide: Reports on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. These reports are intended for use by a broader range of users that need information and assurance about the controls that affect the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of information processed by the system.

The principles that are relevant to user entities will be identified by a client, or user, of the organization who wishes to ensure safety through the service organization’s systems. After these principles to be audited are identified, the auditor will review the internal controls of the organization to determine if they meet the criteria associated with the principles that are specified by the AICPA Guide. The principles that could be selected by the user organization for testing are:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

Use of these reports is restricted to the management of the service organization, user entities, and user auditors.

For more information about the trust principles and criteria, please download our Trust Principles Matrix.


As the exchange of information between businesses is becoming more prevalent, the commitment and trust between companies can be severed if service organizations are not maintaining adequate controls over the Security, Availability, Processing Integrity, Confidentiality, or Privacy of its systems. Obtaining these reports will allow a service organization to maintain and fortify trust with its user entities and enhance their trust with one another.

We welcome you to contact us at Larson & Company today for more information on SOC 2 audits in Moab, St. George, Spanish Fork, and Salt Lake City, Utah.