SOC Audits

What is a SOC Audit?

SOC Audits (System and Organization Control Audits) are intended to communicate information that could affect the security, availability, and processing integrity of users entities’ financial reporting. Your customers often require proof of a SOC Audit to ensure their information is protected when it’s housed on your server.

SOC audits emerged from the:

  • Growing need for effective controls and reporting processes
  • Ever-changing regulatory environment
  • Globalization of the business world
  • Expectations of service organizations to address more than financial reporting risks, such as:
    • Asset management
    • Data processing
    • Treasury
    • Operational areas
    • Pension administration
    • IT services

Which SOC Audit is right for you?

Whether you’re contemplating a SOC engagement for the first time or considering upgrading from a Type 1 to a Type 2, we recommend that you test the waters first. Prepare for it by having us walk you through the requirements before a formal report is issued with our Readiness Consulting.

SOC 1

SOC 1 reports are primarily used to provide your customer’s auditors with information and an opinion about your organization’s controls. These are designed for service organizations who have reporting requirements on Internal Control over Financial Reporting.

SOC 2

SOC 2 compliance is designed for the growing number of technology service organization entities that need a more technical audit with emphasis on comprehensive information, security policies, and procedures.

SOC 3

SOC 3 reports are intended for a wide range of users who may be interested in your organization’s controls. These reports provide the same level of assurance as SOC 2 but are for general release.

If you don’t need a SOC audit, we can perform a Risk Assessment and apply the same principles with a lower cost to you.

For more information on SOC audits, connect with our strategic subsidiary, Service One Solutions.