Marcum

Marcum is a SOC 2 audit firm based in New York, NY serving smb and mid-market and enterprise companies. They offers audit readiness assessments. Industry focus areas include SaaS, Technology, Financial Services, and others.

Marcum LLP is a top-15 national CPA and advisory firm serving private and public companies. Their Risk Advisory practice specializes in SOC reporting, PCI DSS, HIPAA/HITRUST, FISMA, NIST, and ISO 27001, with staff holding CISA, CISSP, QSA, GPEN, and GWAPT certifications.

Who Marcum May Be a Fit For

Based on the firm's listed attributes, Marcum may be a good match for the following types of buyers. Always confirm fit directly with the firm before engaging.

• Companies in SaaS, Technology, Financial Services, Healthcare, Private Equity looking for an auditor with sector-specific experience.
• Organizations at the SMB, Mid-Market, Enterprise stage that need an auditor sized appropriately for their environment.
• Companies pursuing either a first-time Type I or a renewal Type II audit.

What to Evaluate Before Engaging This Firm

Before signing an engagement letter with any SOC 2 auditor, take time to verify the following. These factors apply broadly but are worth confirming for each firm on your shortlist.

Read more: How to choose a SOC 2 auditor · SOC 2 audit cost guide

Questions to Ask Marcum

Use these practical questions during an introductory call to evaluate fit, scope, and working style.

• How many SOC 2 audits does your team complete per year?
• What is your experience auditing companies in SaaS?
• Is pricing fixed-fee or time-and-materials?
• What is the expected timeline from kickoff to report delivery?
• Do you offer readiness assessments or gap analyses?
• Who will be my day-to-day point of contact?
• Can you share a sample engagement letter or report?

See all recommended questions: Questions to ask your SOC 2 auditor →

About Marcum and SOC 2 Audits

Does Marcum offer SOC 2 Type I and Type II audits?

Marcum offers SOC 2 Type I and SOC 2 Type II audit services. They can handle first-time engagements (Type I) and recurring audits that cover operating effectiveness over a review period (Type II).

What industries does Marcum have SOC 2 audit experience in?

Marcum serves clients in SaaS, Technology, Financial Services, Healthcare, Private Equity. Sector-specific experience helps an auditor identify the controls that matter for your industry, anticipate regulatory overlaps, and avoid unnecessary back-and-forth during scoping.

What size companies does Marcum work with?

Marcum focuses on smb, mid-market, enterprise organizations. An auditor matched to your company stage is more likely to scope the engagement correctly and offer pricing that fits your budget.

Does Marcum offer SOC 2 readiness assessments?

Marcum offers audit readiness support. A readiness assessment flags control gaps before the formal audit, so you can fix issues on your own timeline rather than scrambling during fieldwork.

What is Marcum's pricing model for SOC 2 audits?

Marcum uses a custom pricing model. Contact the firm directly for a quote tailored to your audit scope and company size.

How long does a SOC 2 audit take with Marcum?

Marcum's typical timeline is 6–10 weeks. Actual duration depends on audit type, company readiness, and the observation period for Type II engagements. Before signing, ask for a written timeline with milestones for readiness, observation, fieldwork, and report delivery.

Where is Marcum located?

Marcum is headquartered in New York, NY. SOC 2 audits are typically conducted remotely, so location is less important than industry experience and platform familiarity. That said, overlapping time zones can make scheduling easier.

Similar SOC 2 Audit Firms

Browse by Category

• SaaS SOC 2 auditors
• Technology SOC 2 auditors
• Financial Services SOC 2 auditors
• Healthcare SOC 2 auditors
• SMB SOC 2 auditors
• Mid-Market SOC 2 auditors
• Enterprise SOC 2 auditors