Service organization controls (SOC) reports describe companies’ examinations of their internal controls over financial statements, security, availability, processing integrity, confidentiality, or privacy.
Each company’s needs will vary, and the type of SOC report your organization needs may be different from what you may think. There are three different reports:
SOC Report 1
SOC Report 2
SOC Report 3
Purpose
Reports on the controls of the service organization that are relevant to the user organization’s financial reporting
Reports on the effectiveness of the controls of the service organization related to compliance or operations, including trust services principles and criteria
Same purpose as SOC 2
Information required
Details on the system, controls, and tests performed by the service auditor, and results of those tests
Details on the system, controls, and tests performed by the service auditor, and results of those tests
Same information as SOC 2, but with a less detailed description of the controls of the service organization
Audience
User organization’s controllers, compliance officers, CFO, CIO, and financial statement auditors
User organization’s controllers, compliance officers, CFO, CIO, vendor management executives, regulators, other specified parties, and appropriate business partners
Unrestricted and can be viewed by anyone who would like confidence in the controls of the service organization
Our specialized professionals have the experience and knowledge to assist your organization in determining the correct SOC report for your organization’s needs and guide you through the reporting process with minimal staff interruption.