Service Organization Controls (SOC) Reports
Service organizations may receive requests from customers, regulators, business partners, and others to provide assurance on internal controls over transactions related to: 1) financial reporting, 2) protection of the confidentiality and privacy of users’ data, and/or 3) security, availability, and processing integrity of your service organization’s systems. Or, as a service organization, you may elect to obtain assurance services to obtain the confidence of current and potential suppliers, customers, and other business partners.
As a CPA firm, we have the experience and expertise to perform procedures to the standards of the American Institute of CPAs (AICPA) which will reassure end users that your business is operating effectively with data that is secure.
Our firm is qualified to perform and issue each type of SOC report:
SOC 1 Report – primarily designed for management and auditors of your service organization. This report is designed to evaluate the effectiveness of internal controls over financial reporting which will provide users of the report with assurance regarding accuracy of the financial statements.
SOC 2 Report – primarily designed for a wide range of users (management, regulators, customers, and others) who are concerned with controls over transactions, data integrity, security, and other aspects of your service organization. This report is designed to provide stakeholders with confidence that your organization systems can be relied upon and trusted.
SOC 3 Report – primarily designed for any users who need confidence in your service organization’s controls and is often used for marketing purposes.
SOC 1 and SOC 2 Reports have two types that may be issued:
Type 1 – report on the fairness of management’s description of your service organization’s systems and whether these controls appear to be designed effectively to achieve the related control objectives.
Type 2 Report – reports on the fairness of management’s description of your service organization’s systems, whether these controls appear to be designed effectively to achieve the related control objectives, and if the controls are operating effectively to achieve the related control objectives.