SOC2Scout
SOC2Scout
DirectoryMatch WizardCompareGuidesFor AuditorsGet Matched Free

Our Methodology

How we source, verify, and maintain the data behind every firm profile and editorial page on SOC2Scout.

Firm Discovery

We identify SOC2 auditor firms from the following primary sources:

  • AICPA member firm directories — the definitive source of CPA-licensed firms performing attest services
  • State CPA board databases — for license verification and disciplinary record checks
  • GRC platform partner pages — Vanta, Drata, Secureframe, and Thoropass publish lists of auditor partners
  • Industry conference and association listings — ISACA, (ISC)², and AICPA conference attendee lists
  • Client referrals — companies that complete SOC2 audits often name their auditor in case studies, announcements, or review submissions

AICPA License Verification

Before any firm is listed as “AICPA Certified” in our directory, we verify:

  1. The firm holds an active CPA license in at least one US state
  2. The firm is enrolled in the AICPA Peer Review Program (required for firms performing attest engagements)
  3. The firm has no active license suspension or disciplinary proceedings in its primary state
  4. The most recent peer review result is “pass” (firms with “pass with deficiencies” are noted)

Verification is performed using state CPA board licensee lookup tools and the AICPA Peer Review Program public database. Verification dates are tracked per firm and profiles are marked with their last verification date.

Pricing Data

Pricing ranges are sourced through three methods, in order of reliability:

  1. Direct firm outreach — we email firms requesting indicative price ranges for standard audit scenarios. Responses are used with permission. Firms are not compensated for providing pricing data.
  2. Public pricing pages and case studies — some firms publish pricing on their websites; this is used directly.
  3. Client review submissions — reviewers report the actual cost of their engagement. Verified reviews with pricing data are aggregated to produce ranges.

Pricing is shown as ranges, not specific quotes. Actual pricing depends on scope, company size, infrastructure complexity, and Trust Services Criteria selected. We update pricing data at least annually.

Review Validation

All reviews published on SOC2Scout are verified before publication. Our verification process requires:

  • Reviewer's company email domain matches a real business (not Gmail, Outlook, etc.)
  • Reviewer role is consistent with someone involved in a SOC2 audit (CTO, CISO, VP Engineering, Compliance Manager, etc.)
  • Audit year and type are consistent with publicly available information about the firm
  • Review text includes specific details that indicate first-hand experience

Reviews that cannot be verified are held pending and not published. We do not publish unverified reviews, regardless of sentiment. We do not remove negative reviews that meet our verification criteria.

Matchmaker Algorithm

The SOC2Scout matchmaker scores firms on a 0–100 scale based on the buyer's stated requirements:

Industry matchDoes the firm have experience in your industry?
25 points
Company stage matchDoes the firm work with companies at your stage?
20 points
GRC platform integrationDoes the firm integrate with your GRC platform?
20 points
Budget fitIs the firm's pricing within your stated budget?
20 points
Timeline fitCan the firm meet your stated timeline?
15 points
Review score bonusBonus for highly-reviewed firms
0–10 points
Featured bumpTiebreaker only — does not distort rankings
0–2 points

Featured listing status adds a maximum of 2 points as a tiebreaker only. Paid featured firms cannot appear in top positions purely because of their featured status — they must score highly on match criteria.

Data Update Schedule

AICPA license verification
Annually per firm, or upon receiving a correction request
Pricing ranges
Annually, or upon firm outreach with new pricing
Firm contact and service information
Quarterly audit of top 50 firms, annually for all firms
Editorial content (guides, comparisons)
Quarterly review, updated when standards or pricing change significantly
Review scores
Real-time as new verified reviews are published

Corrections and Disputes

Firms can request corrections to their profile data by contacting us at [email protected]. Correction requests must include documentation supporting the change (e.g., updated CPA license certificate, pricing documentation). We aim to process corrections within 5 business days.

Firms cannot request removal of published, verified reviews. Firms may submit a public response to any review through our response program (available to Premium subscribers).