SOC Services
A System and Organization Controls report (SOC 1, 2, 3 or for cybersecurity report) is recognized internationally as a method to enlist trust and confidence in your security and financial control structure. SOC reports are performed in compliance with guidance from the AICPA’s Statement on Standards for Attestation Engagements No. 18 (SSAE 18, formerly SSAE 16).
SOC Services
SOC 1, Type 2 Reports
-
The SOC 1 Report is intended to evaluate the effect of the internal controls at a service organization on the user entities’ financial statement assertions.
-
SOC 1 reports have become an essential tool for businesses in assessing the risks associated with their service organizations.
-
The standards that the SOC 1 report is based off of is SSAE 18.
-
Type 2 reports on the controls over a period of time, typically a full year.
-
It also determines the effectiveness of the control activities from a financial auditing standpoint.
SOC for Cybersecurity
-
The SOC for Cybersecurity reports require a licensed CPA firm to independently assess the organization’s controls relative to meeting the descriptive and control criteria as of a date.
-
Type 1 Report - As of a Specific Date
-
Type 2 Report - Over a Flexible Period of Time (Usually Atleast 6 Months)