
SOC Reporting Services

Understanding SOC Audits

With more companies outsourcing financial and information technology services to third parties, it has become critical to understand each service entity and its system and organization controls. As such, the American Institute of Certified Public Accountants (“AICPA”) has replaced the SAS 70 and SSAE 16 audits, as well as WebTrust and SysTrust reports/seals, with a new set of standards: the Statement on Standards for Attestation Engagements No. 18 (“SSAE 18”), which governs the SOC audit described below.

Let's Talk

Neal W. Beggan

Principal, Risk Assurance & Advisory Services


Types of SOC Reporting Services

SOC 1

Once known as a SAS 70 and more recently referred to as SSAE 16, a SOC 1 report covers controls at a service organization that may be relevant to user entities’ internal control over financial reporting.

Two types of SOC 1 report exist:

  • Type I – A report on management’s description of a service organization’s system and the suitability of the design of controls.
  • Type II – A report on management’s description of a service organization’s system and the suitability of the design and effectiveness of controls.

SOC 2 and SOC 2+

This SOC report replaces prior SysTrust and WebTrust reviews. The purpose is to evaluate an organization’s information technology controls relevant to any one, or any combination, of the following five trust principles and their corresponding criteria issued by the AICPA:

  • Security
  • Availability
  • Confidentiality
  • Processing Integrity
  • Privacy

In addition, using SOC 2+, we are able to incorporate other frameworks into our audit reports such as NIST, HITRUST, PCI and ISO.

A SOC 2 report is intended for use by stakeholders such as customers, regulators, business partners, suppliers and directors. Similar to SOC 1, your service organizations can choose to undergo a Type I or Type II audit.

SOC 3

Like the SOC 2, this SOC report is based on the five trust principles and their corresponding criteria issued by the AICPA. However, the report does not detail any testing, as it is intended for marketing purposes. A SOC 3 is the only one of the three reports that is for general use and can be posted on your company website.

SOC for Cybersecurity

This report is designed to assist organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs to key stakeholders.

[Chart: How to Identify the SOC Report That Is Right for You]

Which SOC Report is the right one for you?

Cherry Bekaert deploys an experienced team of CPAs, Certified Information Systems Auditors (CISA) and Certified Information Systems Security Professionals (CISSP) in conducting SOC 1, SOC 2/2+ and SOC 3 audits for service organizations across a wide span of industries. Whether you are embarking on your first SOC report and are interested in a Readiness Assessment followed by a SOC audit or have received SOC audit reports for years, our professionals can help.
