SOC Reporting
SOC Reporting for Service Organizations
SOC reports are valuable tools for service organizations. They present the control activities and processes at a service organization in a cohesive format to users of its services or to those users’ auditors.
Some of the benefits include:
- Reducing or potentially eliminating questions and costly site visits
- Differentiating the service organization from its peers and building trust
- Providing additional assurance to management and governance bodies
Check out our article on Monitoring Service Providers:
The Role of Type II SOC I Reports
SOC 1 Reports
Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting
- Covers controls relevant to financial reporting
- Meets the needs of auditors in evaluating the effectiveness of controls at a service organization
- Reports are restricted to the management of the service organization, user entities, and user auditors
SOC 2 Reports
Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy
- Intended for a broader range of users
- Reports are generally restricted
SOC 3 Reports
Trust Services Report for Service Organizations
- A simplified version of a SOC 2 report covering the same subject matter
- General-use report
- Can be freely distributed and posted on a website
Report Types
The SOC 1 and SOC 2 reports can be further broken down into two types:
- Type I: Reports on management’s description of a service organization’s system and the suitability of the design of controls.
- Type II: Covers everything that a Type I report includes, plus reports on the operating effectiveness of controls.
SOC 2 Reports cover controls at a service organization relevant to 5 Trust Principles:
- Security: The system is protected against unauthorized access (both physical and logical)
- Availability: The system is available for operation and use as committed or agreed
- Processing integrity: System processing is complete, accurate, timely and authorized
- Confidentiality: Information designated as confidential is protected as committed or agreed
- Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the AICPA and CICA