SOC Services
A System and Organization Controls report (SOC 1, 2, 3 or for cybersecurity report) is recognized internationally as a method to enlist trust and confidence in your security and financial control structure. SOC reports are performed in compliance with guidance from the AICPA’s Statement on Standards for Attestation Engagements No. 18 (SSAE 18, formerly SSAE 16).
SOC Services
SOC 1, Type 2 Reports
-
The SOC 1 Report is intended to evaluate the effect of the internal controls at a service organization on the user entities’ financial statement assertions.
-
SOC 1 reports have become an essential tool for businesses in assessing the risks associated with their service organizations.
-
The standards that the SOC 1 report is based off of is SSAE 18.
-
Type 2 reports on the controls over a period of time, typically a full year.
-
It also determines the effectiveness of the control activities from a financial auditing standpoint.
SOC 1, Type 1 Reports
-
The same information is applicable to the SOC 1, Type 1 as the SOC 1, Type 2 displayed above, except the report is a point-in-time report that audits the controls on a specific date.
-
This option is less popular due to the point-in-time reporting.
SOC for Cybersecurity
-
The SOC for Cybersecurity reports require a licensed CPA firm to independently assess the organization’s controls relative to meeting the descriptive and control criteria as of a date.
-
Type 1 Report - As of a Specific Date
-
Type 2 Report - Over a Flexible Period of Time (Usually Atleast 6 Months)
