Connect
Ask Community
Ask the community
Ask Community

Who can perform a SOC 2 audit?Solved

Profile photo of arthur
arthur
Participant
Discussion
Hexnode UEM
4 days ago Feb 07, 2026

I’ve been doing some research on SOC 2 and I’m a bit confused. Who actually signs off on these audits? Can any security firm do it?

topic view count 26 Views
Reply

Replies (7)

Marked SolutionPending Review
Profile photo of jayceon Veteran image
jayceon
Participant
3 days ago Feb 08, 2026
Marked SolutionPending Review

While many security firms can help you prepare for a SOC 2 audit, they can’t officially issue or sign off on one. A SOC 2 audit has to be performed by a licensed CPA firm or an organization accredited by the American Institute of Certified Public Accountants (AICPA).

Marked SolutionPending Review
Profile photo of arthur Veteran image
arthur
Participant
3 days ago Feb 08, 2026
Marked SolutionPending Review

A CPA? I usually associate CPAs with taxes and accounting. Do they really have the expertise to audit a company’s security systems?

Marked SolutionPending Review
Profile photo of rose-wilson Novice image
rose-wilson
Participant
2 days ago Feb 09, 2026
Marked SolutionPending Review

There isn’t a specific “SOC 2 auditor” degree, but CPA firms that perform SOC audits must follow strict AICPA professional standards. They usually employ or collaborate with professionals who have strong technical and security expertise.

Marked SolutionPending Review
Profile photo of mike_johnson Novice image
mike_johnson
Participant
2 days ago Feb 09, 2026
Marked SolutionPending Review

So once you hire a firm, what does the actual audit process look like? Is it just a quick scan of the servers?

Marked SolutionPending Review
Profile photo of jayceon Veteran image
jayceon
Participant
1 day ago Feb 10, 2026
Marked SolutionPending Review

Not at all. The process is much more thorough. Auditors interview key stakeholders to understand policies, procedures, and risk management practices. They also review documentation and evidence to see how controls are designed and whether they’re operating effectively. Once the assessment is done, they issue the final SOC 2 report.

Marked SolutionPending Review
Profile photo of rose-wilson Novice image
rose-wilson
Participant
19 hours ago Feb 10, 2026
Marked SolutionPending Review

And depending on whether it’s a Type 1 or Type 2 report, the audit can take anywhere from a few weeks to several months.

Marked SolutionPending Review
Profile photo of arthur Veteran image
arthur
Participant
1 hour ago Feb 11, 2026
Marked SolutionPending Review

Got it. That clears things up. Thanks for the explanation!

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
1840 pts
Profile photo of timo-liam Veteran image
timo-liam
1280 pts
Profile photo of leo_scott Novice image
leo_scott
1177 pts
Profile photo of eliiza Novice image
eliza
1097 pts
Profile photo of boris Veteran image
boris
1089 pts
View all

Popular Tags

ABM (51)
Android (441)
iOS (351)
macOS (460)
Windows (317)
Apple TV (32)
App Management (341)
Enrollment (101)
Location (28)
Kiosk (209)
Scripts (87)
ADE (47)
OS Updates (78)
Android Enterprise (132)
View all