Healthcare SOC 2 Auditors: Find Firms

SOC 2 audit firms with hands-on healthcare experience. These auditors know the controls and regulations that matter most in your industry.

130 firms found.

Top Healthcare Auditors

Firms with deep healthcare expertise and experience.

DCYBR

Verified

Lewisville, TX

DCYBR is a SOC 2 readiness and compliance execution firm serving the Dallas-Fort Worth metro, purpose-built for B2B SaaS startups with 10 to 100 employees. They handle the hands-on work of gap assessment, control design, policy development, evidence workflows, and compliance platform configuration so engineering teams spend less than five hours per week on compliance. They specialize in resolving 'failed tests' and complex evidence mapping for startups already using Vanta, Drata, or Secureframe. DCYBR offers fixed-fee packages for Type 1, Type 2, and hybrid engagements, typically getting companies audit-ready within 45 days. They are not a CPA firm and do not issue SOC 2 reports; instead, they prepare organizations and coordinate with external auditors for attestation.

Securis360

Verified

Pittsburgh, PA

Securis360 is a cybersecurity and compliance consulting firm offering SOC 2 readiness, cloud security testing, penetration testing, and staff augmentation services. Founded by former Big Four professionals, the firm takes a three-phase approach to SOC 2 (readiness assessment, remediation, attestation support) covering all five Trust Services Criteria. Securis360 also provides cloud security assessments across AWS, Azure, and GCP, along with penetration testing as a service (PTaaS) and compliance support for ISO 27001, HIPAA, HITRUST-CSF, and GDPR. They are not a CPA firm and do not issue SOC 2 attestation reports directly.

RubinBrown

St. Louis, MO

RubinBrown LLP is a Top 35 national CPA firm and INSIDE Public Accounting Top 500 firm (#33). Their Information Technology Risk Services practice provides SOC 1, SOC 2, and SOC for Cybersecurity examinations with an 'audit once, report many' approach. They also offer an AI Health Check based on NIST AI RMF.

SC&H Group

Sparks, MD

SC&H Group is a Maryland-based CPA and consulting firm offering SOC 2 examinations, IT risk advisory, and cybersecurity services for mid-market and enterprise technology and healthcare organizations.

All Healthcare SOC 2 Auditors

MNP LLP

Calgary, AB

MNP LLP is Canada's third-largest accounting and business advisory firm, with over 8,000 employees across 150+ offices. The firm provides SOC 1 and SOC 2 attestation services alongside internal audit, enterprise risk management, and cybersecurity advisory capabilities.

Type I, Type II, SaaS, Technology, Financial Services

PwC

New York, NY

PwC (PricewaterhouseCoopers) is a Big Four accounting firm known for a strong risk assurance practice, popular with large tech and financial services companies for SOC 2 and related compliance audits.

Type I, Type II, SaaS, Technology, Financial Services

Deloitte India

Mumbai, Maharashtra

Deloitte India provides SOC 2 consulting and audit support as part of the Big Four global network, helping Indian and multinational companies prepare for external reviews and certifications with certified experts in risk management and compliance.

Type I, Type II, SaaS, Technology, Financial Services

HHM CPAs

Chattanooga, TN

HHM CPAs is a regional accounting firm providing SOC reporting, audit, tax, and advisory services in Tennessee and the Southeast.

Type I, Type II, Healthcare, Government

Weaver

Houston, TX

Weaver is a Top-35 US CPA firm headquartered in Texas offering SOC 1 and SOC 2 Type I and Type II examinations. Their IT advisory team is led by professionals including Neha Patel (CISA, CDPSE), a former AICPA national SOC School trainer named to Forbes' 2025 Best-in-State CPAs.

Type I, Type II, SaaS, Technology, Financial Services

BerryDunn

Portland, ME

BerryDunn is the largest assurance, tax, and consulting firm headquartered in New England with nearly 1,000 employees across 7 states and Puerto Rico. Their attest services are provided by BDMP Assurance, LLP, a licensed CPA firm. They have successfully guided MSPs and technology firms through SOC 2 examinations to meet enterprise vendor requirements.

Type I, Type II, SaaS, Technology, Healthcare

Calvetti Ferguson

Houston, TX

Calvetti Ferguson is a Texas-based CPA firm with a specialized cybersecurity and IT advisory practice providing SOC 2 examinations, IT governance assessments, and security program evaluations for healthcare and technology organizations.

Type I, Type II, SaaS, Technology, Financial Services

CISOnow

Ashburn, VA

CISOnow is a leading provider of virtual CISO advisory services and managed security services, offering gap assessments, compliance support for SOC 1, SOC 2, PCI, HITRUST, HIPAA, GDPR, and CCPA, and a proprietary C3 Cybersecurity Assessment.

SaaS, Technology, Financial Services

CITSAP

Houston, TX

CITSAP (Certified IT Security Assurance Professionals) is a next-generation cybersecurity company that partners with Thoropass and DuploCloud to offer a SOC 2 and HITRUST compliance accelerator program for early-stage startups.

SaaS, Technology, Financial Services

ControlCase

Fairfax, VA

ControlCase is a global compliance and security certification firm offering SOC 2 readiness, SOC 2 audit facilitation, PCI DSS, ISO 27001, and HITRUST certification services.

Type I, Type II, SaaS, Technology, Financial Services

Keiter

Glen Allen, VA

Keiter is a Virginia-based CPA firm offering SOC 1 and SOC 2 examinations through their Risk Advisory Services team. Their practice lead, Scott McAuliffe (CISA, CFE), has 25+ years in public accounting, including Sarbanes-Oxley, internal audit, and CMMC work. They also offer IT audit via Keiter Technologies.

Type I, Type II, SaaS, Technology, Financial Services

Drummond Group

Fort Worth, TX

Drummond Group is a compliance testing and certification firm specializing in SOC 2 assessments, HITRUST certification, ONC health IT testing, and security compliance for technology and healthcare organizations.

Type I, Type II, SaaS, Technology, Healthcare

PwC India

Mumbai, Maharashtra

PwC India provides SOC 2 Type 2 compliance services, checking governance and internal controls to prepare companies for audits. Particularly useful for companies doing business across multiple countries, leveraging PwC's global network of 364,000+ professionals.

Type I, Type II, SaaS, Technology, Financial Services

Kroll

New York, NY

Kroll is a global risk and financial advisory firm providing SOC 2 readiness consulting, cybersecurity assessments, incident response, and compliance advisory services for mid-market and enterprise organizations.

SaaS, Technology, Financial Services

Lazarus Alliance

Scottsdale, AZ

Lazarus Alliance is a licensed CPA firm and cybersecurity audit specialist providing SOC 1, SOC 2, and SOC 3 examinations, along with FedRAMP, CMMC, and HIPAA compliance services.

Type I, Type II, SaaS, Technology, Financial Services

Modern Assurance

Charlotte, NC

Modern Assurance is a CPA firm specializing in SOC 1, SOC 2, and SOC 3 audits. Founded by professionals from national accounting firms, they focus exclusively on attestation engagements and deliver efficient, technology-forward audit experiences for growing companies.

Type I, Type II, SaaS, Technology, Financial Services

Atlant Security

Atlant Security provides SOC 2 compliance consulting and cloud security advisory for businesses on AWS, Azure, and GCP. Their services cover readiness assessments, control implementation, and ongoing compliance support across six major frameworks.

SaaS, Technology, Financial Services

CompliancePoint Assurance

Atlanta, GA

CompliancePoint Assurance is a licensed CPA firm dedicated exclusively to SOC 2 audits, led by Carol Amick, a CPA with 20+ years of information security experience. As a CompliancePoint division, they offer blended PCI DSS + SOC 2 and HITRUST + SOC 2 audits, leveraging their status as a PCI QSA and HITRUST-authorized CSF Assessor.

Type I, Type II, SaaS, Technology, Financial Services

PBMares

Norfolk, VA

PBMares is a CPA firm and approved Qualified Security Assessor (QSA) providing SOC 1, SOC 2, and SOC 3 examinations. Their SOC team combines licensed CPAs with cybersecurity professionals for dual compliance and technical expertise.

Type I, Type II, SaaS, Technology, Financial Services

Moss Adams

Seattle, WA

Moss Adams, founded in 1913, is one of the 15 largest accounting and consulting firms in the United States. Following its 2025 combination with Baker Tilly, the firm operates as the nation's sixth largest CPA advisory firm with 11,000+ professionals across 100+ locations, offering SOC 2 and SOC 3 audit services.

Type I, Type II, SaaS, Technology, Financial Services

Percilchofe CPA

New Delhi, Delhi

Percilchofe CPA LLC is a licensed CPA firm and AICPA member with 15+ years of expertise in audit, assurance, and compliance. The India-headquartered firm (Percilchofe Pvt. Ltd.) has a US entity registered in Sheridan, WY, and specializes in SOC 1, SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HITRUST, FedRAMP, and CMMC.

Type I, Type II, SaaS, Technology, Financial Services

Windows Management Experts

Bensalem, PA

Windows Management Experts (WME) is a Microsoft Solutions Partner founded in 2008 that specializes in delivering secure, scalable IT solutions including SOC 2 compliance consulting, cloud security, and identity management across 500+ successful projects.

SaaS, Technology, Healthcare

BARR Advisory

Kansas City, KS

BARR Advisory is a cloud-based cybersecurity and compliance firm specializing in SOC 2, ISO 27001, and FedRAMP for fast-growing SaaS and cloud-based organizations, with a net promoter score of 89.

Type I, Type II, SaaS, Technology, Financial Services

RSM US

Chicago, IL

RSM US is a leading CPA and consulting firm delivering end-to-end SOC 2 support from readiness to audit, with an integrated audit-consulting model and deep industry expertise for middle market companies.

Type I, Type II, SaaS, Technology, Financial Services

Prowise Systems

Prowise Systems is a U.S.-based security compliance consulting firm specializing in SOC 2 readiness and preparation services. The firm conducts mock audits, reviews system changes, and manages SOC 2 compliance posture year-round, partnering with AICPA-accredited audit firms for final attestation.

SaaS, Technology, Financial Services

NDB

Houston, TX

NDB is a CPA firm specializing in SOC 2 Type I and Type II audits for startup healthcare and technology companies, leveraging Vanta for automated compliance and offering a Virtual Compliance Officer program.

Type I, Type II, SaaS, Technology, Healthcare

Cypher Synapses

Karachi

Cypher Synapses specializes in guiding organizations through regulatory compliance complexities, offering comprehensive readiness services for SOC 2, ISO 27001, GDPR, HIPAA, PCI, and FERPA from initial assessment to final certification.

SaaS, Technology, Healthcare

Windes

Long Beach, CA

Windes is a Southern California CPA firm founded in 1926 with 30 partners and 250+ professionals across Long Beach, Orange County, and Los Angeles offices. Recognized as an Accounting Today Top 100 Firm, they offer audit, assurance, cybersecurity risk management, and technology advisory services to technology companies and nonprofits.

Type I, Type II, SaaS, Technology, Financial Services

Accedere

CO

Accedere is a Colorado-licensed CPA firm and ISO/IEC Certification Body specializing in SOC 1, SOC 2 Type II, and SOC 3 attestation, ISO 27001 audits, and cloud security assessments. Registered with PCAOB and the Cloud Security Alliance as a STAR auditor, the firm brings over 20 years of cybersecurity and privacy compliance experience.

Type I, Type II, SaaS, Technology, Financial Services

Withum

Princeton, NJ

Withum is a forward-thinking advisory and accounting firm and one of the top CPA firms in the US. Their SOC audit team authored and presented the inaugural AICPA SOC for Cybersecurity course, and seven of their professionals are among the first CPAs nationwide to earn the AICPA's SOC for Cybersecurity digital badge.

Type I, Type II, SaaS, Technology, Financial Services

Citrin Cooperman

New York, NY

Citrin Cooperman is the 19th largest US CPA firm, with licensed attest services through Citrin Cooperman & Company, LLP. They operate a dedicated IT Audit Services practice. In 2025, Blackstone acquired a majority stake, valuing the firm at $2 billion, enabling continued investment in technology and talent.

Type I, Type II, SaaS, Technology, Financial Services

AAFCPAs

Westborough, MA

AAFCPAs is a Top 100 US CPA firm delivering SOC 2 audits led by seasoned professionals with Certified Ethical Hackers embedded in every engagement. Their leadership is involved in AICPA SOC and cybersecurity standards development.

Type I, Type II, SaaS, Technology, Financial Services

Angel Cybersecurity

Boston, MA

Angel Cybersecurity is a woman-owned cybersecurity consulting company experienced in building security programs for organizations of all sizes, offering virtual CISO services and compliance support for SOC 2, ISO 27001, HIPAA, and PCI.

SaaS, Technology, Healthcare

Lawless Solutions

Bowling Green, KY

Lawless Solutions is an IT and cybersecurity consulting firm that simplifies security, compliance, and IT for businesses across industries. Their compliance readiness services leverage partnerships with Thoropass, Secureframe, and Vanta.

SaaS, Technology, Healthcare

GMI Consulting

GMI Consulting is a Drata service partner offering SOC 2 readiness assessments and remediation services. They help organizations prepare for SOC 2 audits by identifying gaps, building controls, and implementing compliance automation through the Drata platform.

SaaS, Technology, Financial Services

SecurePath Solutions

SecurePath Solutions specializes in guiding businesses through complex compliance frameworks including SOC 2, PCI, HITRUST, and FedRAMP, with a team of certified security and compliance professionals.

SaaS, Technology, Financial Services

UHY

Farmington Hills, MI

UHY LLP is a national CPA firm and a member of UHY International providing SOC examination, IT risk advisory, and compliance audit services.

Type I, Type II, SaaS, Technology, Financial Services

CyberSapiens

Sydney, NSW

CyberSapiens is an Australian cybersecurity and compliance consulting firm specializing in SOC 2 readiness for SaaS, fintech, and technology companies. The firm provides gap analysis, control implementation, policy development, evidence automation, auditor coordination, and ongoing compliance support. CyberSapiens is a Vanta Gold Partner and Drata Certified Partner with a 95% first-time pass rate across 200+ certified clients.

SaaS, Technology, Financial Services

BPM

San Jose, CA

BPM is the largest California-based accounting and advisory firm, providing SOC 1, SOC 2, and SOC 3 examinations through its IT Assurance practice. Their team holds CPA and CISA credentials.

Type I, Type II, SaaS, Technology, Financial Services

Aprio

Atlanta, GA

Aprio, founded in 1952, is a Top 25 U.S. public accounting firm with 1,900+ team members serving clients in 50+ countries. Aprio is one of the few firms offering ISO, SOC reporting, HITRUST, PCI DSS, CMMC, FedRAMP, and WebTrust from a single provider.

Type I, Type II, SaaS, Technology, Financial Services

Truvantis

Irvine, CA

Truvantis is a cybersecurity and compliance consulting firm providing SOC 2 readiness, HIPAA compliance, penetration testing, and vCISO services to help technology companies achieve and maintain compliance.

SaaS, Technology, Healthcare

Coalfire

Westminster, CO

Coalfire is a leading cybersecurity advisory firm founded in 2001, completing 3,000+ assessments annually through Coalfire Controls, its fully licensed CPA affiliate. With 20+ years of SOC assessment experience and offices in the US and UK, Coalfire partners with Vanta to deliver AI-powered compliance acceleration.

Type I, Type II, SaaS, Technology, Financial Services

INTERCERT

The Woodlands, TX

INTERCERT Inc. is a multinational auditing company operating in 28+ countries, accredited by SCC (Canada) and UAF (United States) under IAF for ISO certification, and a registered CPA firm for SOC 2/SOC 1 services. INTERCERT and Sprinto have delivered 500+ successful audits together.

Type I, Type II, SaaS, Technology, Financial Services

CAS Assurance

Miramar, FL

CAS Assurance LLC is a licensed CPA firm in Miramar, Florida specializing in SOC 1, SOC 2, CSA STAR, HIPAA, and NIST compliance audits with 20+ years of experience. The firm is a confirmed Secureframe audit partner.

Type I, Type II, SaaS, Technology, Healthcare

Clearwater Security

Nashville, TN

Clearwater Security is a healthcare-focused cybersecurity and compliance firm with two decades of experience, offering SOC 2 readiness consulting, HIPAA compliance, and managed security operations for over 500 customers.

Healthcare, Technology, SaaS

EisnerAmper

New York, NY

EisnerAmper is a major U.S. CPA and advisory firm with 440+ partners and 4,500+ professionals. Their Assurance Technology and Control Services Group performs dozens of SOC examinations annually. Notably, an EisnerAmper partner chairs the AICPA SOC 2 Working Group.

Type I, Type II, SaaS, Technology, Financial Services

GraVoc

Peabody, MA

GraVoc is a Massachusetts-based IT advisory and cybersecurity firm providing SOC 2 readiness consulting, risk assessments, and compliance program development for technology and healthcare organizations.

SaaS, Technology, Healthcare

Windham Brannon

Atlanta, GA

Windham Brannon is a full-service CPA firm founded in 1957, offering SOC 1, SOC 2, SOC 2+, and SOC 3 examinations along with SOC readiness assessments through its Risk Advisory practice.

Type I, Type II, SaaS, Technology, Financial Services

Cycore Secure

Miami, FL

Cycore Secure is an AI-powered cybersecurity services firm offering managed compliance (SOC 2, ISO 27001, HIPAA, GDPR, HITRUST), virtual CISO services, and cyber risk assessments for organizations seeking to build resilient security programs.

SaaS, Technology, Healthcare

RS Assurance & Advisory

New York, NY

RS Assurance & Advisory is a licensed CPA firm providing SOC 1, SOC 2, and SOC 3 attestation services. Their team includes former Big Four auditors who bring deep expertise in IT compliance and risk management to organizations of all sizes.

Type I, Type II, SaaS, Technology, Financial Services

BDO USA

Chicago, IL

BDO is a large accounting and consulting firm that provides SOC 2 audits and other assurance services, offering a strong alternative to the Big Four with a growing technology audit practice.

Type I, Type II, SaaS, Technology, Financial Services

RSI Security

San Diego, CA

RSI Security provides end-to-end SOC 2 readiness consulting, from gap analysis and control implementation to auditor selection, evidence gathering, and ongoing compliance maintenance.

SaaS, Technology, Financial Services

Auditwerx

Tampa, FL

Auditwerx is a CRI (Carr, Riggs & Ingram) division dedicated exclusively to SOC reporting and compliance attestation. Founded in 2009, they have produced over 3,500 security compliance reports and 200+ reports annually. They specialize in SOC 1, SOC 2, SOC 2+, PCI DSS, and CMMC assessments.

Type I, Type II, SaaS, Technology, Financial Services

Cherry Bekaert

Atlanta, GA

Cherry Bekaert is a national CPA and advisory firm with 3,000+ professionals and 75+ years of experience. They offer SOC 1, SOC 2, SOC 2+, SOC 3, and SOC for Cybersecurity, and are an authorized CMMC C3PAO. Their Risk & Cybersecurity team has 30+ years of SOC and information assurance experience across all industries.

Type I, Type II, SaaS, Technology, Financial Services

BSI Group

London, England

BSI (British Standards Institution) is an international standards and certification body headquartered in London, offering SOC 2 compliance services alongside ISO 27001, ISO 27017, and other information security certifications globally.

Type I, Type II, SaaS, Technology, Financial Services

BeachFleischman

Tucson, AZ

BeachFleischman is a Top 200 US CPA firm headquartered in Arizona, providing SOC 2 readiness assessments, SOC audit services, and cybersecurity consulting across Tucson, Phoenix, and Las Vegas offices.

Type I, Type II, SaaS, Technology, Financial Services

Compass IT Compliance

North Providence, RI

Compass IT Compliance provides SOC examination, IT audit, and cybersecurity compliance services to organizations across the United States.

Type I, Type II, SaaS, Technology, Financial Services

Plante Moran

Southfield, MI

Plante Moran is one of the nation's largest CPA and business advisory firms with nearly 4,000 staff. Their cybersecurity practice has over 30 years of SOC consulting experience and is actively involved with the AICPA SOC committees, providing advanced visibility into upcoming SOC reporting standards.

Type I, Type II, SaaS, Technology, Financial Services

eDelta Consulting

eDelta Consulting provides independent SOC 1, SOC 2, and SOC 3 examinations along with readiness assessments, led by former Big 4 professionals with audit, SOC, control, and risk experience across regulated and technically complex sectors.

Type I, Type II, SaaS, Technology, Financial Services

CBIZ

Cleveland, OH

CBIZ is a leading provider of financial, insurance, and advisory services including SOC reporting and IT audit through its MHM subsidiary partnership.

Type I, Type II, SaaS, Technology, Financial Services

TrustNet

Atlanta, GA

TrustNet is a cybersecurity and compliance services firm with two decades of experience helping businesses achieve SOC 1, SOC 2, and SOC 3 compliance. The firm provides readiness assessments, gap analysis, remediation support, and compliance automation through its SOC Accelerator+ approach, coordinating with CPA firms for final attestation.

SaaS, Technology, Financial Services

NDNB Accountants

Clearwater, FL

NDNB Accountants & Consultants has been a national provider of SOC compliance and assessment services since 2006. The firm specialises in SOC 1, SOC 2, HIPAA, GLBA, and PCI DSS audits, efficiently combining overlapping operational and security controls across frameworks.

Type I, Type II, SaaS, Technology, Financial Services

Archlight

Minneapolis, MN

Archlight is a premier provider of information privacy, security, cybersecurity, and regulatory compliance consulting services dedicated exclusively to healthcare, with an award-winning team that has over 30 years of experience.

Healthcare

Warren Averett

Birmingham, AL

Warren Averett is one of the largest CPA and advisory firms in the Southeast, providing SOC 2 examinations, IT risk advisory, and cybersecurity assessment services.

Type I, Type II, SaaS, Technology, Financial Services

Accorp Partners

CA

Accorp Partners is a California-registered CPA firm and AICPA peer-reviewed SOC auditor, providing SOC 1, SOC 2, ISO 27001, HIPAA, and PCI-DSS compliance services to over 500 global organizations.

Type I, Type II, SaaS, Technology, Financial Services

Deloitte

New York, NY

Deloitte is one of the Big Four accounting firms with a massive security and risk management practice, serving as a go-to for complex, global SOC 2 audits for the largest enterprises.

Type I, Type II, SaaS, Technology, Financial Services

HoganTaylor

Tulsa, OK

HoganTaylor is one of the largest business advisory and CPA firms in Oklahoma and Arkansas with 350+ personnel. Their Risk Assurance team specializes in SOC reports, HITRUST validated assessments, and CMMC certification for small to medium-sized companies across the US, delivering highly customized SOC audits.

Type I, Type II, SaaS, Technology, Financial Services

Hancock Askew

Savannah, GA

Hancock Askew is a Southeastern CPA and advisory firm offering SOC 2 examinations, IT audit, and risk advisory services to financial services, healthcare, and technology organizations.

Type I, Type II, Technology, Financial Services, Healthcare

Crowe

Chicago, IL

Crowe is a global accounting firm delivering tailored, risk-based SOC 2 audits using proprietary data analytics and AI tools to speed up evidence collection and testing for high-assurance attestations.

Type I, Type II, SaaS, Technology, Financial Services

Lurie LLP

Minneapolis, MN

Lurie LLP is a CPA firm 100% dedicated to SOC reporting. Their partners taught the AICPA's official SOC School and have authored industry guidance on SOC engagements. They deliver SOC 1, SOC 2, and SOC 3 reports for organizations across the country.

Type I, Type II, SaaS, Technology, Financial Services

CyberCrest

Encinitas, CA

CyberCrest specializes in SOC 2 readiness assessments, gap analyses, and compliance consulting. Their 4-step compliance methodology covers gap analysis, documentation, control implementation, and audit support.

SaaS, Technology, Healthcare

HI-TEX Solutions

San Antonio, TX

HI-TEX Solutions is a White Glove IT Managed Services Provider and AWS Consulting Partner founded in 1999, offering compliance assessments across SOC 2, HIPAA, HITRUST, PCI, NIST, and FedRAMP frameworks for healthcare, financial, legal, and government sectors.

Healthcare, Financial Services, Government

Grant Thornton

Chicago, IL

Grant Thornton is a global audit and advisory firm offering end-to-end SOC 2 solutions, combining audit expertise with technology to deliver efficient readiness assessments and high-quality attestation reports.

Type I, Type II, SaaS, Technology, Financial Services

Marcum

New York, NY

Marcum LLP is a top-15 national CPA and advisory firm serving private and public companies. Their Risk Advisory practice specializes in SOC reporting, PCI DSS, HIPAA/HITRUST, FISMA, NIST, and ISO 27001, with staff holding CISA, CISSP, QSA, GPEN, and GWAPT certifications.

Type I, Type II, SaaS, Technology, Financial Services

Schellman

Tampa, FL

Schellman is a leading compliance assessment firm focused exclusively on attestation and cybersecurity services, including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI DSS.

Type I, Type II, SaaS, Technology, Financial Services

CohnReznick

New York, NY

CohnReznick LLP is a top-20 national CPA firm with 5,000+ global employees and $1.12B in FY25 revenue. Their attest entity is PCAOB-registered and inspected. They offer SOC 1, SOC 2, and SOC 3 audits with professionals holding Advanced SOC for Service Organization Certification and Big Four firm backgrounds.

Type I, Type II, SaaS, Technology, Financial Services

Elliott Davis

Greenville, SC

Elliott Davis is a Top 40 U.S. CPA and advisory firm providing SOC 2 examinations, IT risk advisory, and cybersecurity assessment services for technology, financial services, and healthcare organizations across the Southeast.

Type I, Type II, SaaS, Technology, Financial Services

MBE CPAs

Fort Atkinson, WI

MBE CPAs is a CPA and advisory firm providing SOC reporting, audit, and compliance services in the Midwest.

Type I, Type II, Healthcare

Sidekick Security

Washington, DC

Sidekick Security is an AI-native cybersecurity consulting firm led by former CMS CISO Robert Wood, offering program transformation, offensive security, and compliance support with a data-driven delivery model that prioritizes measurable outcomes.

SaaS, Technology, Healthcare

CLA (CliftonLarsonAllen)

Minneapolis, MN

CLA (CliftonLarsonAllen) is one of the largest US CPA and business advisory firms with 8,500+ professionals across nearly 130 US locations. They provide SOC 2 audit services with industry-focused expertise spanning technology, government, healthcare, and nonprofit sectors. CLA Global was co-founded in 2022.

Type I, Type II, SaaS, Technology, Financial Services

CyberVantage 360

CyberVantage 360 is a compliance consulting firm that has helped over 1,000 clients across 50+ countries achieve SOC 2, ISO 27001, and PCI DSS certifications. They provide end-to-end readiness services from gap analysis through audit support.

SaaS, Technology, Financial Services

Prodigy 13

New York, NY

Prodigy 13 is a cybersecurity firm offering managed compliance services, elite penetration testing (PTaaS), security operations, and Zero Trust certification for SOC 2, ISO 27001, PCI DSS, GDPR, and HITRUST frameworks.

SaaS, Technology, Healthcare

Smith + Howard

Atlanta, GA

Smith + Howard is a CPA and advisory firm providing SOC reporting, IT audit, and risk advisory services with a focus on middle-market companies.

Type I, Type II, SaaS, Technology, Financial Services

Tevora

Irvine, CA

Tevora is a cybersecurity and compliance advisory firm providing SOC 2 readiness, PCI DSS, HITRUST, and ISO 27001 consulting services to help organizations prepare for and navigate compliance audits.

SaaS, Technology, Financial Services

GuidePoint Security

Herndon, VA

GuidePoint Security is a cybersecurity solutions firm providing SOC 2 readiness assessments, compliance advisory, and security consulting services for mid-market and enterprise organizations.

SaaS, Technology, Financial Services

A-LIGN

Tampa, FL

A-LIGN is a technology-enabled cybersecurity compliance firm and the number one global issuer of SOC 2 reports, having completed over 16,000 audits since its founding in 2009.

Type I, Type II, SaaS, Technology, Financial Services

Audit Peak

New York, NY

Audit Peak is a minority-owned CPA firm specializing in IT audits, cybersecurity, and risk advisory services. Founded by former PwC, EY, and KPMG professionals, the firm delivers Big 4-level audit expertise with boutique agility. AICPA Peer Review rated 'Pass' (highest rating).

Type I, Type II, SaaS, Technology, Financial Services

KirkpatrickPrice

Nashville, TN

KirkpatrickPrice is a licensed CPA firm and PCAOB-registered auditor that has issued over 20,000 security compliance reports to more than 2,000 clients worldwide since its founding. They specialize exclusively in cybersecurity audits including SOC 1, SOC 2, PCI DSS, HITRUST CSF, and ISO 27001.

Type I, Type II, SaaS, Technology, Financial Services

LBMC

Nashville, TN

LBMC is Tennessee's #1 professional services firm with 1,000+ team members serving 11,000+ clients nationwide. Their SOC audit practice is led by professionals who have issued thousands of SOC reports, including a national AICPA SOC training leader. They offer SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity.

Type I, Type II, SaaS, Technology, Financial Services

Muscatek, Inc.

Bass Harbor, ME

Muscatek, Inc. is an IT consulting firm founded by Ty Muscat Jr. specializing in SOC 2 compliance consulting, cloud services, IT management, and open-source solutions, with over two decades of IT infrastructure experience.

SaaS, Technology, Healthcare

Mauldin & Jenkins

Atlanta, GA

Mauldin & Jenkins is a regional CPA and advisory firm offering SOC examinations, IT audit, and cybersecurity compliance services across the Southeast.

Type I, Type II, Financial Services, Healthcare, Government

Carr, Riggs & Ingram

Enterprise, AL

Carr, Riggs & Ingram is a Top 25 U.S. CPA and advisory firm providing SOC 2 examinations, IT audit, cybersecurity assessments, and risk advisory through its national practice. Parent firm of the Auditwerx SOC practice.

Type I, Type II, SaaS, Technology, Financial Services

KPMG

New York, NY

KPMG is a Big Four accounting firm with a strong IT attestation practice, offering SOC 2 audits as part of their broader assurance services with a global focus on risk management and compliance.

Type I, Type II, SaaS, Technology, Financial Services

James Moore & Co

Gainesville, FL

James Moore & Co is one of Florida's largest independent CPA firms, offering SOC 2 examinations alongside IT audit and risk advisory services with deep expertise in government, higher education, and healthcare compliance.

Type I, Type II, Technology, Financial Services, Healthcare

Linford & Company

Denver, CO

Linford & Company is a Denver-based CPA firm comprised of former Big Four auditors specializing in SOC 2, HIPAA, FedRAMP, and HITRUST assessments. 90% of their work consists of SOC 2 audits.

Type I, Type II, SaaS, Technology, Financial Services

EY

New York, NY

EY (Ernst & Young) is a Big Four accounting firm offering technology risk assurance services including SOC 2 audits, frequently working with large enterprises across multiple industries.

Type I, Type II, SaaS, Technology, Financial Services

Schneider Downs

Pittsburgh, PA

Schneider Downs is a Top-60 independent CPA firm and the 13th largest accounting firm in the Mid-Atlantic region. They blend IT, internal audit, and external audit expertise for SOC engagements and maintain a proprietary SOC 2 controls catalog. They are national speakers on SOC reporting and also offer SOC for Supply Chain.

Type I, Type II, SaaS, Technology, Financial Services

Render Compliance

Seattle, WA

Render Compliance is a licensed CPA firm in Seattle staffed by CISA- and CPA-certified auditors, specializing in SOC 1 and SOC 2 attestations for B2B SaaS companies, with reports issued within 3 weeks from fieldwork.

Type I, Type II, SaaS, Technology, Healthcare

Avertium

Phoenix, AZ

Avertium is a cybersecurity services company providing SOC 2 readiness assessments, governance risk and compliance consulting, managed security services, and incident response for mid-market and enterprise organizations.

SaaS, Technology, Financial Services

Eide Bailly

Fargo, ND

Eide Bailly LLP is a Top 25 national CPA firm with 3,500 employees across 50+ offices in 17 states, having surpassed $750M in revenue in 2025. They offer SOC audits through their Risk Advisory Services practice, with industry expertise spanning healthcare, banking, and government sectors.

Type I, Type II, SaaS, Technology, Financial Services

Clark Nuber

Bellevue, WA

Clark Nuber PS is the largest locally-owned CPA firm in the Pacific Northwest with 300+ professionals and a Certified B Corporation. Their Technology Group serves SaaS, blockchain, AI, and AR/VR companies, providing SOC 1 and SOC 2 reports on controls, with experience including Microsoft SSPA attestations.

Type I, Type II, SaaS, Technology, Financial Services

Sublett Consulting

San Mateo, CA

Sublett Consulting is a certified cyber risk expert firm founded in 2011 by Christine Sublett, specializing in information security, privacy, and risk management for early to mid-stage health tech, medical device, digital health, and cybersecurity companies.

Healthcare, Technology

Cyber Forte

Melbourne, VIC

Cyber Forte is a Melbourne-based cybersecurity firm specializing in SOC 2 compliance readiness for Australian and New Zealand businesses. The firm provides end-to-end guidance from risk assessment through control implementation and audit preparation, with a team bringing 25+ years of experience working with ASX 50 and global companies.

SaaS, Technology, Financial Services

SecureLeap

Porto

SecureLeap is a cybersecurity and compliance consulting firm that helps startups achieve SOC 2, ISO 27001, and HIPAA certification. The firm provides end-to-end readiness support including gap analysis, policy creation, audit facilitation, penetration testing, and virtual CISO services. SecureLeap partners with Drata, Vanta, and Secureframe, offering platform implementation and configuration support.

SaaS, Technology, Financial Services

Optiv Security

Denver, CO

Optiv Security is a cybersecurity solutions integrator and advisory firm providing SOC 2 readiness assessments, compliance consulting, managed security, and governance risk and compliance services for enterprise organizations.

SaaS, Technology, Financial Services

iRisk Assurance

Chennai, Tamil Nadu

iRisk Assurance is a fast-growing GRC and cybersecurity consulting firm headquartered in Chennai, India, with offices in Bangalore and the USA. Founded in 2014, the firm has completed 200+ successful SOC, ISO, and HIPAA audits. The team includes Big 4 veterans with CPA, CISA, CISSP, and CEH certifications, and operates an in-house SOC in Chennai.

Type I, Type II, SaaS, Technology, Healthcare

Saltmarsh, Cleaveland & Gund

Pensacola, FL

Saltmarsh, Cleaveland & Gund is a Gulf Coast CPA and advisory firm providing SOC 2 examinations, IT risk advisory, and cybersecurity assessments for financial services, healthcare, and technology organizations.

Type I, Type II, Technology, Financial Services, Healthcare

YHB CPAs & Consultants

Winchester, VA

YHB (Yount, Hyde & Barbour) is a Virginia-based CPA and consulting firm established in 1947 with SOC audit and IT audit services. Their Risk Advisory Services team includes CITPs and CISAs who focus on AICPA Trust Services Categories and ISACA COBIT frameworks, providing vulnerability assessments, penetration testing, and SOC auditing.

Type I, Type II, SaaS, Technology, Financial Services

IT Governance USA

New York, NY

IT Governance USA is a global cybersecurity and compliance advisory firm providing SOC 2 readiness consulting, gap assessments, ISO 27001 implementation, and data privacy compliance services.

SaaS, Technology, Financial Services

Protiviti

Menlo Park, CA

Protiviti is a global consulting firm and Robert Half subsidiary that provides SOC 2 readiness assessments, gap remediation, and internal audit support. With over 85 offices worldwide, they serve mid-market and enterprise organizations navigating complex compliance requirements.

SaaS, Technology, Financial Services

Tanner LLC

Salt Lake City, UT

Tanner LLC is Utah's premier independent CPA firm, providing SOC 2 examinations using the AICPA Trust Services Criteria. The firm's IT assurance team has over 15 years of experience helping clients manage information security risks. Tanner was the first Utah-headquartered firm to achieve HITRUST CSF Assessor designation.

Type I, Type II, SaaS, Technology, Financial Services

Insight Assurance

Tampa, FL

Insight Assurance is a Tampa-based audit and cybersecurity firm founded by former Big Four professionals, offering SOC 2, ISO 27001, HITRUST, and other compliance audits with a 97% client retention rate.

Type I, Type II, SaaS, Technology, Financial Services

Wipfli

Milwaukee, WI

Wipfli LLP is a licensed independent CPA firm operating in an alternative practice structure per AICPA standards. They offer SOC 1, SOC 2, SOC for Cybersecurity, and SOC for Supply Chain examinations. Their IT audit team includes SOC, HITRUST, digital forensics, and AI security specialists, including a noted practice for AI company compliance.

Type I, Type II, SaaS, Technology, Financial Services

Assurance Dimensions

Tampa, FL

Assurance Dimensions is a Florida-based CPA audit firm founded in 2008 with leadership from former Arthur Andersen, Grant Thornton, BDO, and Schellman professionals. Their team includes a former Schellman Florida SOC practice leader. They specialize in SOC examinations for technology and financial services companies.

Type I, Type II, SaaS, Technology, Financial Services

Baker Tilly

Chicago, IL

Baker Tilly is a global CPA and advisory firm with dedicated AICPA SOC specialists performing hundreds of SOC 2 engagements annually across a wide variety of industries.

Type I, Type II, SaaS, Technology, Financial Services

Forvis Mazars US

Kansas City, MO

Forvis Mazars US, formed by the 2022 merger of BKD and Dixon Hughes Goodman, is among the largest U.S. public accounting firms with 7,000+ team members. As part of the Forvis Mazars Global network, they deliver assurance, tax, and consulting services across all 50 states and internationally.

Type I, Type II, SaaS, Technology, Financial Services

Ferro Technics

Ferro Technics is a Canadian IT consulting and auditing firm certified by accrediting institutes for SOC 2 Type I and II, ISO 27001, HIPAA, and PCI DSS audit services. The firm provides compliance auditing, cybersecurity consulting, and training services to organizations across Canada and the United States.

Type I, Type II, Healthcare, Financial Services, Technology

PYA

Knoxville, TN

PYA (Pershing Yoakley & Associates) is a Top 100 CPA firm ranked by USA Today, Forbes, and INSIDE Public Accounting, and a Top 15 auditor of the nation's largest health systems. They provide SOC 2 Type I and Type II audits for SaaS and cloud-based companies, led by seasoned CPAs and CISAs who prioritize deep technical audit rigor.

Type I, Type II, SaaS, Technology, Healthcare

Anders CPAs + Advisors

St. Louis, MO

Anders CPAs + Advisors is a St. Louis-based CPA firm founded in 1965, providing SOC 1, SOC 2, SOC 2+, and SOC for Cybersecurity audit and advisory services. Their team determines the ideal SOC report type for clients' contractual and regulatory needs. Anders Technology also offers managed IT and vCISO services.

Type I, Type II, SaaS, Technology, Financial Services

Postlethwaite & Netterville (P&N)

Baton Rouge, LA

Postlethwaite & Netterville is a regional CPA firm in the Gulf South providing SOC 1 and SOC 2 examinations, IT risk advisory, and internal audit services for government, healthcare, and financial services organizations.

Type I, Type II, Technology, Financial Services, Healthcare

Wolf & Company

Boston, MA

Wolf & Company, P.C. is a national CPA and business consulting firm founded in 1911, with over 40 IT audit and security professionals. They offer SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity examinations, holding CISA, CISSP, and CPA credentials across their team.

Type I, Type II, SaaS, Technology, Financial Services

IS Partners

Philadelphia, PA

IS Partners (merged with AssurancePoint) is a globally recognized CPA firm specializing in IT compliance and cybersecurity assurance, SOC 2, ISO 27001, HITRUST, and PCI DSS services.

Type I, Type II, SaaS, Technology, Financial Services

ATA (Alexander Thompson Arnold)

Memphis, TN

Alexander Thompson Arnold (ATA) is a regional CPA and advisory firm offering SOC examination, IT audit, and risk advisory services across the Mid-South.

Type I, Type II, Financial Services, Healthcare, Government

CyberGuard Advantage

CyberGuard Advantage has provided SOC 2 readiness assessments and compliance consulting since 2011. They help organizations prepare for SOC 2 audits with thorough gap analysis, control implementation guidance, and ongoing compliance monitoring support.

SaaS, Technology, Financial Services

Sikich

Chicago, IL

Sikich is one of the largest US CPA firms with 2,000+ professionals across North America, EMEA, and APAC. Sikich CPA LLC, the licensed attest entity, provides SOC 2 audit services, while the broader firm offers cybersecurity, ERP/CRM, managed IT, and advisory services.

Type I, Type II, SaaS, Technology, Financial Services

Integritum

El Cajon, CA

Integritum, a business unit of Cetrix Technologies, is a cybersecurity compliance and risk management firm with over a decade of experience and 600+ clients, offering compliance readiness, risk assessment, policy development, and cybersecurity training.

SaaS, Technology, Healthcare

How to Evaluate Healthcare SOC 2 Auditors

When comparing SOC 2 audit firms for a healthcare company, consider these factors alongside standard auditor selection criteria like CPA licensure and pricing.

  • Ask about healthcare-specific experience. How many healthcare companies has the firm audited? Are they familiar with the controls and data flows typical in your sector?
  • Check for regulatory overlap expertise. If your industry has additional compliance requirements (HIPAA, PCI DSS, FedRAMP, etc.), confirm the auditor can navigate those alongside SOC 2.
  • Evaluate platform compatibility. If you use a compliance automation tool, check that the auditor has experience with it.
  • Request references from similar companies. A firm that regularly audits healthcare organizations should be able to speak to the typical scope, timeline, and challenges for your sector.

Healthcare SOC 2 Audit FAQ

Do healthcare companies need SOC 2 in addition to HIPAA?
SOC 2 and HIPAA address different requirements. SOC 2 evaluates controls across the Trust Services Criteria, while HIPAA focuses specifically on protecting health information. Many healthcare buyers and partners expect both, especially for SaaS vendors handling PHI.

What should healthcare companies look for in a SOC 2 auditor?
Choose an auditor experienced with HIPAA overlap, PHI handling requirements, and healthcare-specific risk frameworks. Firms that understand BAA obligations and health-tech data flows will ask better scoping questions and avoid unnecessary back-and-forth.

Can a SOC 2 audit cover HIPAA requirements at the same time?
Some auditors offer combined SOC 2 + HIPAA engagements that map overlapping controls, saving time and cost. Ask whether the firm can issue a SOC 2 report that includes HIPAA-relevant criteria in a single engagement.

How many SOC 2 auditors specialize in Healthcare?
Our directory currently lists 130 SOC 2 audit firms with healthcare experience. The number of firms with genuine sector expertise is smaller than the total market; look for auditors who can reference specific healthcare engagements and understand your regulatory landscape.

What is the average cost of a SOC 2 audit for a healthcare company?
SOC 2 audit costs for healthcare companies vary widely. Type I audits for startups often start around $15,000 to $30,000, while Type II audits for mid-market or enterprise companies can range from $40,000 to $100,000 or more, especially when additional frameworks like HIPAA or PCI DSS are in scope. Get quotes from at least three firms.

How long does SOC 2 compliance take for healthcare companies?
A Type I audit can be completed in 4 to 8 weeks after readiness. A Type II requires a 3 to 12 month observation period plus reporting time. Healthcare companies with compliance platforms like Drata or Vanta often shorten preparation time through automated evidence collection.

Compare Healthcare SOC 2 Audit Firms

This table compares healthcare SOC 2 audit firms with other SOC 2 auditors across pricing, audit timeline, industry specialization, and platform compatibility.

Healthcare SOC 2 Auditors compared with other SOC 2 audit firms
| Firm | Industries | Company Sizes | Platforms | Pricing | Timeline |
|---|---|---|---|---|---|
| A-LIGN | SaaS, Technology, Financial Services | SMB, Mid-market, Enterprise | Drata, Hyperproof, Secureframe, Vanta | Custom quote | 6-8 weeks |
| AAFCPAs | SaaS, Technology, Financial Services | SMB, Mid-market, Enterprise | Not listed | Custom quote | 6-10 weeks |
| Accedere | SaaS, Technology, Financial Services | SMB, Mid-market, Enterprise | Not listed | Custom quote | Varies |
| Accorp Partners | SaaS, Technology, Financial Services | SMB, Mid-market, Enterprise | Not listed | Custom quote | 6-10 weeks |
| Anders CPAs + Advisors | SaaS, Technology, Financial Services | SMB, Mid-market | Not listed | Custom quote | 4-8 weeks |
| Angel Cybersecurity | SaaS, Technology, Healthcare | Seed, SMB, Mid-market, Enterprise | Thoropass | Custom quote | Varies |

Healthcare SOC 2 Audit Pricing

SOC 2 audit pricing depends on engagement scope, audit type, and firm. Here is what we know about healthcare SOC 2 audit pricing and the factors that affect cost.

Factors that affect SOC 2 audit cost

Audit type

Type I audits (point-in-time) are generally less expensive than Type II audits (operating effectiveness over 3 to 12 months).

Company size and complexity

Larger companies with more systems, employees, and data flows require broader audit scope and more evidence collection.

Industry and regulatory overlaps

Industries with additional frameworks (HIPAA, PCI DSS, FedRAMP) often require expanded scoping and cross-mapping.

Readiness assessment

Some firms bundle a readiness gap analysis; others charge separately. A readiness phase can reduce surprises during fieldwork.

Compliance platform usage

Using platforms like Drata, Vanta, or Secureframe can reduce evidence collection time, which may lower auditor fees.

Timeline urgency

Fast-track or expedited audits often carry premium pricing due to scheduling and resource allocation constraints.
