Menu
Get Ready
SOC 2 Readiness Assessmentsoc2.zip Prep PackageCompare service firms
SOC 2 Readiness FirmsPenetration Testing FirmsvCISO FirmsISO 27001 ConsultantsCompliance ConsultantsAll Service FirmsThomas Howell Ferguson is a mid-tier SOC 2 audit firm in Tallahassee, FL, USA that charges $30K–$80K for Type II audits with 8–20 week fieldwork-to-report timelines. Founded in 1993, they hold 1 accreditations and specialize in Government, Insurance, Nonprofit, and 3 more. Their pricing is in the mid-range compared to the mid-tier average of $28.7K–$76K.
Free. Anonymous until you pick.
Estimated Type 1 and Type 2 ranges, placed against the broader mid-tier peer set. Numbers are directional; final pricing depends on scope, Trust Services Criteria, evidence quality, and observation period.
Note: Pricing shown is estimated based on typical engagements. Use our SOC 2 cost calculator for a personalized estimate.
Timeline: The 8–20 week figure is the audit fieldwork-to-report window once evidence is ready, not the full engagement. A SOC 2 Type II also requires an observation period, typically 3–12 months depending on scope, before that window begins.
of Mid-tier firms charge more for Type II.
of Mid-tier firms have longer minimum timelines.
listed certifications. Tier average: 2.
Side-by-side pricing, timeline, and certification counts for the 5 closest-priced peers in the mid-tier tier.
| Thomas Howell Ferguson | AAFCPAs | Anders CPAs + Advisors | Bennett Thrasher | Dannible McKee | FinAudit CPA | |
|---|---|---|---|---|---|---|
| Type II Cost | $30K–$80K | $30K–$80K | $30K–$80K | $30K–$80K | $30K–$80K | $30K–$80K |
| Type I Cost | $20K–$60K | $20K–$60K | $20K–$60K | $20K–$60K | $20K–$60K | $20K–$60K |
| Timeline | 8–20 wk | 6–12 wk | 8–20 wk | 8–20 wk | 8–20 wk | 6–12 wk |
| Team Size | 150-200+ | 350–1000 | 380–410 | 480–510 | 100–115 | 100–1000 |
| Certifications | 1 | 3 | 1 | 1 | 2 | 2 |
| Founded | 1993 | 1973 | 1965 | 1980 | 1978 | 2010 |
For buyers in Government and Insurance, Thomas Howell Ferguson fits the mid-tier profile when timeline (8–20 weeks) and Type II pricing ($30K–$80K) align with what mid-tier firms typically deliver.
Service organizations in the Southeast (Florida, Georgia) needing SOC 1/SOC 2 audits from a regional CPA firm with a dedicated SOC practice through its Service One Solutions subsidiary.
Spun up a dedicated SOC audit subsidiary (Service One Solutions) specifically to serve the growing technology and insurance client base in Tallahassee - one of the few regional Southeast firms with a focused SOC practice built in-house.
of 1 criteria match. Get a personalized quote
Visit Thomas Howell Ferguson's website directly, or get an anonymous quote through us. Tell us your scope, Thomas Howell Ferguson replies with a price, a timeline, and why they'd be a fit. Anonymous until you pick.
Tags below are preserved as crawlable text because they drive industry, accreditation, and GRC-platform comparisons across firm pages.
6 industries. Mid-tier average: 6.
1 certifications. Mid-tier average: 2.
Proprietary
Firm-specific answers generated from the directory record and preserved in FAQPage schema.
Thomas Howell Ferguson SOC 2 Type I audits typically range from $20K to $60K. Type II audits range from $30K to $80K. This is in the mid-range for mid-tier firms — the mid-tier tier average is $28.745K–$76.043K. Final pricing depends on your organization's scope, number of trust service criteria, and system complexity.
The 8–20 week range is Thomas Howell Ferguson's audit execution and report-delivery window once evidence is available. It is the fieldwork-to-report window, not the full engagement. A SOC 2 Type II also requires an observation period, typically 3–12 months depending on scope, before that window begins, while a Type I is a point-in-time assessment with no observation period. Actual timelines depend on readiness, scope, and evidence availability.
Thomas Howell Ferguson has deep expertise in Government, Insurance, Nonprofit, Technology, Construction, Real estate. They are best suited for Service organizations in the Southeast (Florida, Georgia) needing SOC 1/SOC 2 audits from a regional CPA firm with a dedicated SOC practice through its Service One Solutions subsidiary.
Thomas Howell Ferguson holds 1 accreditations: AICPA.
Thomas Howell Ferguson uses Proprietary for their audit engagements. Reports are delivered via Digital delivery.
Thomas Howell Ferguson is a mid-tier SOC 2 audit firm founded in 1993 with 33 years of experience. Spun up a dedicated SOC audit subsidiary (Service One Solutions) specifically to serve the growing technology and insurance client base in Tallahassee - one of the few regional Southeast firms with a focused SOC practice built in-house. They are best suited for organizations that need government, insurance, nonprofit expertise.
Thomas Howell Ferguson is headquartered in Tallahassee, FL, USA. They serve clients across the United States and can conduct SOC 2 audits remotely.
Compared to the 47 mid-tier firms in our directory, Thomas Howell Ferguson's Type II pricing ($30K–$80K) is in the mid-range (tier average: $28.745K–$76.043K). They hold 1 certifications vs. the tier average of 2. Their minimum timeline of 8 weeks is comparable to the tier average.
Thomas Howell Ferguson is best suited for Service organizations in the Southeast (Florida, Georgia) needing SOC 1/SOC 2 audits from a regional CPA firm with a dedicated SOC practice through its Service One Solutions subsidiary. Their key differentiator is: Spun up a dedicated SOC audit subsidiary (Service One Solutions) specifically to serve the growing technology and insurance client base in Tallahassee - one of the few regional Southeast firms with a focused SOC practice built in-house.
A buyer-side checklist. Bring these to your first call — the answers separate firms that have run hundreds of SOC 2 engagements from firms that are bidding on them.
Tell us your scope. Thomas Howell Ferguson replies with a price, a timeline, and why they'd be a fit. Anonymous until you pick.
Want to compare first? See 47 similar mid-tier firms or get 3 quotes.
How government contractors use SOC 2 to win federal contracts, map controls to CMMC and NIST 800-171, and build a unified compliance program.
Explore the key differences in SOC 2 vs FedRAMP. This guide covers controls, costs, and strategic pathways for cloud service providers.
Thoropass vs Drata: Thoropass bundles a single in-house CPA audit; Drata is software-only with the deepest independent auditor network. Compare multi-framework cost, auditor choice, and long-term fit.
