SOC Examinations

System & Organization Controls (SOC)

System and Organization Controls (SOC) reports are a widely accepted platform for organizations to demonstrate the design and effectiveness of their system of internal controls.

SOC reports are issued under Statements on Standards for Attestation Engagements as published by the American Institute of Certified Public Accountants (AICPA), and are commonly referred to as SSAE examinations.

SOC for Service Organizations SOC 1
SOC 1 reports consist of an examination of an organization’s controls that may be relevant to their customers’ internal control over financial reporting. SOC 1 reports can include financial, business process, or general IT controls that may be considered relevant by a customer or a customer’s auditors to their financial reporting.
SOC for Service Organizations SOC 2
SOC 2 reports consist of an examination of a service organization’s controls relevant to the applicable Trust Service Categories of Security, Availability, Processing Integrity, Confidentiality, and/or Privacy based on criteria established by the AICPA. SOC 2 reports generally have a broader user audience as they do not necessarily have to report on controls relevant to users’ financial reporting.
SOC for Service Organizations SOC 3
Similar to a SOC 2 report, a SOC 3 report consists of an examination of a service organization’s controls relevant to the applicable Trust Service Categories of Security, Availability, Processing Integrity, Confidentiality, and/or Privacy. However, the SOC 3 report does not have a restricted use and can be distributed freely by management.
SOC for Cybersecurity

SOC for Cybersecurity examinations provides an assessment of an organization’s cybersecurity risk management program. The SOC for Cybersecurity report is designed to be appropriate for any type of organization (not just service organizations). The report use is not restricted and can be distributed freely by management.

SOC for Supply Chain

The SOC for Supply Chain examination is designed to help manufacturers, producers, or distribution organizations communicate information regarding their production, manufacturing, or distribution system and supply chain risk management program.

Our Examination Process

Defined and tested process to streamline your examination, empower you with information, and deliver quality.