Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management
System and Organization Control (SOC) reports allow vendors to articulate their internal control processes to their customers, and allow organizations to articulate their entity-wide cybersecurity risk management program. They also provide peace of mind that those controls have been examined by an independent service auditor. According to the AICPA, “SOC engagements have become the gold standard for examining, assessing and reporting on these controls.”
Baker Tilly’s SOC tip sheet will answer:
- What is a SOC report?
- What are the unique aspects of SOC 1, SOC 2 and SOC for Cybersecurity reports?
- What is the difference between SSAE16 and SSAE18?
- How do I identify the SOC report that’s right for my organization?
- What is the value of a SOC audit and SOC report to my organization? What does it take to achieve SOC compliance?
- What are the key differences between a Type 1 and Type 2 report?
- Does a SOC for Cybersecurity (cyber assurance) report give an organization the ability to demonstrate it has effective processes and controls in place to detect, respond to, mitigate and recover from breaches and other security events?
- What should I do with the SOC report after it is complete?
- Frequently asked questions
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.