Secure Controls Framework
Download The SCF
SOC 2

Who performs SOC 2 audits?

Direct Answer

SOC 2 reports must be performed by a licensed CPA firm authorized to issue SOC reports. Readiness assessments can be conducted by non-CPA consultants or internal teams, but only a licensed CPA firm can issue the actual SOC 2 attestation report. The AICPA maintains guidance on selecting a qualified audit firm.

Keep Exploring

Relevant Resources

References

Authoritative Sources