SOC (System and Organization Control) Audit

A System and Organization Control Audit (SOC Audit) is a two-step process that provides service organizations with a SOC report that testifies to the organization’s trustworthiness and adherence to the latest standards in information security.


  • Step One:

    SourcetekIT conducts an analysis of the service organization’s practices regarding financial information and data integrity. Based on the findings, SourcetekIT helps the organization improve practices in order to receive a positive SOC report in step two.

  • Step Two:

    SourcetekIT connects the organization with a Certified Public Accountant (CPA) who conducts an additional analysis and provides the organization with an official report outlining the quality of their practices concerning financial information and data integrity.



Why is SOC important?

Businesses rely on service providers to protect and safeguard private, confidential, and sensitive information. This mandates some level of assurance that the service provider is maintaining a secure control environment. AICPA’s SOC framework allows service providers to demonstrate their compliance with established standard guidelines regarding Information Security, Processing Integrity, Confidentiality, Availability, and Privacy.

It is important to note that not every SOC report is the same. We will work with you to customize a report and approach that is adequate and appropriate to meet your unique needs.

Wondering which report is right for your organization? A quick outline of each type is as follows:

SOC 1 Report

A SOC 1 report examines the internal controls at a service organization that impact a user entity’s internal control over financial reporting (e.g. employee benefits, payroll processing, loan servicing, etc.). This report is to be used only by user organizations, the management of user entities, customers and clients, as well as auditors.

SOC 2 Report

SOC 2 reports provide details on information security controls at a service organization. These controls are specified in 5 Trust Services Categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Your customers may entrust your company to store and process their sensitive customer and financial information, and a SOC 2 report is an effective way to communicate that you have a mature information security program in place.

SOC 3 Report

A SOC 3 report addresses the same subject areas as a SOC 2 report, but in a shortened version that can be used in a service organization’s promotional efforts and on its website. For example, a SOC 3 report can be used in marketing materials to show potential customers that the organization has appropriate controls in place to mitigate risks in information security.

Our Services

  • SOC Consulting and Readiness:

    We have a structured approach to determine the applicable list of risks and controls that are required to achieve SOC attestation. Our approach ensures that the service organization has adequate ‘internal controls’ over applicable security criteria so that any Certified Public Accountant (CPA) will deliver a successful SOC report.

  • SOC Audits:

    We work as an independent body to assess the security controls in the organization’s estate and produce an attestation report based on SSAE 18 audit standards.




“Find out how you and your organization can be in compliance with the appropriate security controls and regulations.”

