A System Organization Control Audit (SOC Audit) is a two-step process that provides service organizations with a SOC report that testifies to the organization’s trustworthiness and adherence to the latest standards in information security.
Businesses rely on service providers to protect and safeguard private, confidential, and sensitive information. This mandates some level of assurance that the service provider is maintaining a secure control environment. AICPA’s SOC framework allows service providers to demonstrate their compliance with established standard guidelines regarding Information Security, Processing Integrity, Confidentiality, Availability, and Privacy.
It is important to note that not every SOC report is the same. We will work with you to customize a report and approach that is adequate and appropriate to meet your unique needs.
A SOC 1 report examines the internal controls at a service organization that impact a user entity’s internal control over financial reporting (e.g., employee benefits, payroll processing, loan servicing). This report is to be used only by user organizations, the management of user entities, customers and clients, as well as auditors.
SOC 2 reports provide details on information security controls at a service organization. These controls are specified in 5 Trust Services Categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Your customers may entrust your company to store and process their sensitive customer and financial information, and a SOC 2 report is an effective way to communicate that you have a mature information security program in place.
A SOC 3 report addresses the same subject areas as a SOC 2 report, but in a shortened version that can be used in a service organization’s promotional efforts and on its website. For example, a SOC 3 report can be used in marketing materials to show potential customers that the organization has appropriate controls in place to mitigate risks in information security.