SOC Examination Services

SOC & ISO | Compliance & Assessment Service
SOC stands for “System and Organization Controls” and refers to the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). The procedures are designed to give clients who use services provided by the organization confidence that the organization can be trusted to keep their data secure.

SOC 1 Report

SOC 1 audits, which relate to the organization’s Internal Controls on Financial Reporting, are conducted against the assurance standard International Standard on Assurance Engagements (ISAE) 3402 or SSAE 18. The SOC 1, SOC for Cybersecurity, and SOC for Supply Chain report is an opinion expressed on the controls at a service organization relevant to user entities’ internal control over financial reporting. The SOC 1 examination attestation report is issued only after the service organization is audited to verify whether the appropriate safeguards and procedures (controls) are in place.

SOC 1 Report Types

  • Type 1 – Report on management’s description of its system and the suitability of control design to meet the defined control objectives at a point-in-time
  • Type 2 – Report on management’s description of its system and the suitability of control design and operational effectiveness to meet the defined control objectives over a specified time period

SOC 2 Report

A SOC 2 examination audit report provides detailed information and assurance about a service organization's security, availability, processing integrity, confidentiality, and privacy controls, based on their compliance with the AICPA’s Trust Services Criteria (TSC). A SOC 2 report provides management of a service organization, user entities, and other specified parties with information and a CPA’s opinion about controls at the service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

SOC 2 Report Types

  • Type 1 – Report on suitability of controls design at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, to meet the defined control objectives at a point-in-time
  • Type 2 – Report on suitability of controls design and operational effectiveness at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, to meet the defined control objectives over a specified time period

Services

A licensed CPA will examine and report on the service organization’s controls and certify the organization to be SOC compliant.

We provide readiness services to help the organization become certified, including planning, documenting controls, identifying gaps, and providing recommendations on how to remediate the gaps identified.

We assist organizations in automating processes using GRC tools.

The SOC suite of services includes:

  • SOC 1 – SOC for Service Organizations: Internal Control Over Financial Reporting (ICFR)
  • SOC 2 – SOC for Service Organizations: Trust Services Criteria
  • SOC 3 – SOC for Service Organizations: Trust Services Criteria for General Use Report
  • SOC for Cybersecurity
  • SOC for Supply Chain