Transitioning between System and Organization Control (SOC) reports


How a SOC 2® report can benefit organizations currently receiving a SOC 1 report

In 2011, the American Institute of Certified Public Accountants (AICPA) retired the SAS70 standard and replaced it with the SOC 1 and SOC 2® reporting vehicles. Service organizations have been providing their customers, clients and key stakeholders with controls assurance via one of these reports. Typically, a company would receive either a SOC 1 OR a SOC 2® report. However, many organizations receiving SOC 1 are also seeking a SOC 2® examination in response to their customers’ demand.

In this webinar, Baker Tilly discusses the key differences between the SOC 1 and SOC 2® report, and why a company receiving a SOC 1 report would need or benefit from a SOC 2® report.

Key learning objectives

After attending this webinar, participants will be able to:

  • Identify the differences between the SOC 1 and SOC 2® report.
  • Describe the applicability of the SOC 1 and SOC 2® report and the circumstances when the use of each report is appropriate.
  • Determine if their organization should receive a SOC 2® report, or if a reports should be requested from key vendors.
  • Recognize the additional effort needed to perform a SOC 2® examination if a SOC 1 is already being performed.
  • Discuss the SOC 2® processing integrity criteria requirements and how they may or may not overlap with SOC 1 controls.

Who should attend?

This webinar is intended for service organizations that have SOC 1 examinations performed over their operations and are considering having a SOC 2® examination performed. Companies who receive SOC 1 reports from their key vendors may also find the webinar helpful to understand the benefits of receiving a SOC 2® report in addition to the SOC 1 report.

Download the presentation >