Audit partner network
CPA firms that audit against Controls natively
Scorifya Controls is the platform. Your SOC 2 audit must be performed by a licensed CPA firm. The boutique firms below have walked through the Controls auditor portal, verified our RFC 3161 timestamps with OpenSSL, and confirmed they accept the evidence format without translation. If you already have an auditor, use them; if not, these are good places to start.
Onboarding partners
We're recruiting the first batch right now
Need an auditor for SOC 2 Type I or Type II and want a starting point? Email controls@scorifya.com with your stage, target report date, and which clouds you run, and we'll route you to a boutique firm that fits. Most seed-stage Type I engagements run $5,000 to $10,000, separate from the platform.
We never take a referral cut that affects your audit price, and the recommendation is non-binding. If the firm we suggest isn't a fit, the introduction costs you nothing and we'll suggest another.
How an engagement with a partner firm works
1. You buy Controls and configure it.
Deploy via docker compose, connect AWS, GCP, Azure, or GitHub, run your first checks, and start tracking the 20 manual controls. This takes a day or two of focused work.
2. We introduce you to a partner firm.
Email controls@scorifya.com with your stage and target report date. We send the intro and you and the auditor scope the engagement directly. Scorifya stays out of the audit conversation once the introduction is made.
3. The auditor opens the read-only portal you create for them.
Generate a time-limited share link from your Controls instance. The auditor reviews check history, manual attestations, and evidence files without needing a Scorifya account. RFC 3161 tokens travel with the data so the auditor can verify timestamps offline.
4. You pay the auditor for the report. Separate from Controls.
Type I reports typically run $5,000 to $10,000 from a boutique partner firm. Type II is higher and depends on the observation window. Scorifya invoices you for the platform; the auditor invoices you for the report. Two contracts, two invoices, no bundling.
Common questions
Is Scorifya the auditor?
No. Scorifya Controls is the SOC 2 readiness platform. Your audit must be performed by a licensed CPA firm. The firms on this page are independent practices that work natively with Controls.
Does Scorifya bundle the audit into the platform price?
No. Platform pricing and audit pricing stay separate. You choose your auditor and pay them directly. We list partner firms so you have a starting point if you don't already have a CPA.
Does Scorifya take a cut of the audit fee?
Referral arrangements with partner firms are non-exclusive and do not pull from your audit price. The platform price you pay for Controls is the same whether you go with a listed partner or an auditor you've already chosen.
What does 'works natively with Controls' actually mean?
The partner firm has walked through the auditor portal, run an OpenSSL verification against the RFC 3161 timestamps Controls issues, and confirmed they accept Controls' evidence packaging in a Type I or Type II engagement. No format translation is needed on either side.
I'm an auditor. How do I get listed here?
Email controls@scorifya.com with your firm name, AICPA member status, the AICPA TSC focus areas your practice covers, and a link to your firm's SOC 2 services page. The arrangement is non-exclusive, free to join, and listing is at our discretion based on fit for the seed-to-Series-B client base Controls serves.