SOC Reporting Services

Understanding SOC Audits

With more companies outsourcing financial and information technology services to third parties, it has become critical to understand each service entity and its system and organization controls. As such, the American Institute of Certified Public Accountants (AICPA) has replaced prior SAS 70 and SSAE 16 audits, as well as WebTrust and SysTrust reports/seals, with a new set of standards: the Statement on Standards for Attestation Engagements No. 18 (SSAE 18), which governs the various SOC audits described below.

Which SOC Report is the right one for you?

Cherry Bekaert deploys an experienced team of CPAs, Certified Information Systems Auditors (CISA) and Certified Information Systems Security Professionals (CISSP) in conducting SOC audits for service organizations across a wide span of industries. Whether you are embarking on your first SOC report and are interested in a Readiness Assessment followed by a SOC audit, or have received SOC audit reports for years, our professionals are here to help.

Types of SOC Reporting Services

Readiness Assessment & Gap Analysis

SOC audits, often mislabeled as a certification, are in fact attestation audits that include a CPA signature on the opinion. Therefore, adequately preparing for your first SOC audit is imperative, and right-sizing the scope for subsequent audits should be paramount. Engaging under the AICPA’s Consulting Standards, our professionals can guide your organization and help you prepare and complete the steps and documentation required for a SOC audit.

SOC 1 Report

Once known as a SAS 70 or SSAE 16 and more recently referred to as SSAE 18, a SOC 1 report covers controls at a service organization that may be relevant to user entities’ internal control over financial reporting.

Two types of SOC 1 reports exist as follows:

  • Type I – A report on management’s description of a service organization’s system and the suitability of the design of controls.
  • Type II – A report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.

SOC 2 and SOC 2+ Report

The SOC 2 report replaces prior SysTrust and WebTrust reviews. Its purpose is to evaluate an organization’s information technology controls relevant to any one, or any combination, of the following five trust principles and their corresponding criteria issued by the AICPA:

  1. Security (required)
  2. Availability
  3. Confidentiality
  4. Processing Integrity
  5. Privacy

In addition, using SOC 2+, we are able to incorporate other frameworks into our audit reports such as NIST 800-53 or 171, ISO 27001, HITRUST (HIPAA Compliance), Payment Card Industry (PCI), Cloud Security Alliance (CSA) and the Cybersecurity Maturity Model Certification (CMMC).

A SOC 2 report is intended for use by stakeholders such as customers, regulators, business partners, suppliers and directors. As with SOC 1, your service organization can choose to undergo a Type I or Type II audit.

SOC 3 Report

Similar to the SOC 2, this SOC report is based on the five trust principles and their corresponding criteria issued by the AICPA. However, the report does not detail any testing, as it is intended for marketing purposes. A SOC 3 is the only one of the three reports that is for general use and can be posted on your company website.

SOC for Cybersecurity Report

This report is designed to assist organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs to key stakeholders. As with SOC 1, your service organization can choose to undergo a Type I or Type II audit.

SOC for Supply Chain Report

Intended primarily for organizations that produce, manufacture, or distribute products, the SOC for Supply Chain helps organizations build stakeholder trust by providing assurance over key aspects of operational processes and related controls. As with SOC 1, your service organization can choose to undergo a Type I or Type II audit.

How To Identify The SOC Report That Is Right For You Chart

Let's Talk

Steven J. Ursillo, Jr.

Information Assurance & Cybersecurity Leader
