Press Release

Baker Tilly Poll Shows Most Organizations Not Compliant with New SOC 2 Criteria

New criteria effective for reports with examination periods ending after Dec. 15, 2018

CHICAGO (May 7, 2019) – A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates that 75% of respondents who have knowledge of their standing with System and Organization Controls (SOC) 2 said their organization has not yet evaluated its controls to ensure agreement with the new 2018 Trust Services Criteria, effective for reports with examination periods ending after Dec. 15, 2018.

“Organizations undergoing a SOC 2 report should account for key changes involving compliance now,” Mark Boettcher, senior manager in Baker Tilly’s risk, internal audit and cybersecurity practice, said. “As a result of these changes, SOC 2 report recipients should ultimately notice more transparency in their vendor management programs and gain a significant advantage in the marketplace over their competition.”

“Clients also report a huge time-savings related to security questionnaires,” Andy Wittig, senior manager in Baker Tilly’s risk, internal audit and cybersecurity practice, said. “Responding to or processing questionnaires consumes valuable company resources for both service organizations and report recipients. A SOC 2 helps organizations standardize that process, and save a lot of time on both ends of the equation.”

Baker Tilly recently held an educational webinar, “Transitioning between SOC reports,” providing insight into the key differences between the SOC 1 and SOC 2 reports, and why a company receiving a SOC 1 report would need or benefit from a SOC 2 report.

The webinar presenters discussed:

  • The differences between the SOC 1 and SOC 2 reports
  • The applicability of the SOC 1 and SOC 2 reports and the circumstances when the use of each report is appropriate
  • How to determine if an organization should receive a SOC 2 report, or if a report should be requested from key vendors
  • What additional effort is needed to perform a SOC 2 examination if a SOC 1 is already being performed
  • The SOC 2 processing integrity criteria requirements and how they may or may not overlap with SOC 1 controls

Presentation slides and a recording of the webinar are available at

About Baker Tilly US, LLP

Baker Tilly US, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 145 territories, with 34,700 professionals. The combined worldwide revenue of independent member firms is $3.6 billion. Visit or join the conversation on LinkedIn, Facebook and Twitter.