Does your organization process payments, host data or conduct other outsourced services for clients? Have you received questions about your security and controls? Do you need to provide verification to government regulators? A System and Organization Controls (SOC) report provides third-party peace of mind, universally satisfies compliance requirements and serves as a gold standard affirmation.
SOC reports are complex and cover a wide range of objectives and controls, so it is important to work with an assurance team well-versed in quality standards and reliable output. RKL’s assurance professionals combined have three decades of experience conducting SOC reports, and they can help you determine which type of SOC report works best for your requirements and goals.
What is it? An assurance tool for controls related to financial reporting designed by the American Institute of Certified Public Accountants (AICPA).
Who needs one? Any organization that provides services that could have an impact on financial operations at another company.
What does it cover? At least six months of information that is material and impactful to the financial statement.
What is it? Also designed by AICPA, SOC 2 tests controls related to five principles of the Trust Services Criteria (security, availability, confidentiality, privacy, processing integrity).
Who needs one? Any organization that provides services to other companies that include the holding or processing of data or information on others’ behalf.
What does it cover? At least two months of technical controls for data storage and processing (not financial information).
What is it? Using the same Trust Services Criteria as the SOC 2, a framework designed to demonstrate the detailed design and controls of an organization’s cybersecurity management program.
Who needs one? Any organization that seeks or is required to demonstrate the effectiveness of its cybersecurity risk management program.
What does it cover? At least two months of technical controls for data storage and/or processing (not financial information).
What is it? A reporting framework created to convey supply chain risk management efforts to stakeholders.
Who needs one? Manufacturing and distribution organizations with complex supply chains, those handling sensitive customer data, or any that wish to demonstrate to clients, suppliers, and stakeholders that they have effective controls to manage and mitigate supply chain risks.
What does it cover? At least two months of technical controls for data storage and/or processing (not financial information).
“RKL has been an invaluable partner for our SOC 2 process and reporting. RKL has made our company more viable in negotiating and obtaining various contracts and improved our organizational process and operations. I would highly recommend RKL to any company seeking SOC reporting services.”
“As a longstanding client of RKL’s SOC services, we recommend them for any organization serious about their security posture. The RKL team’s professionalism and deep dive into our systems and processes are unparalleled. Their attentiveness and flexibility in scheduling have made collaboration seamless. Their engagement feels less like a routine audit and more like an insightful journey into improving our operations, with the end result being a comprehensive SOC report that truly reflects our commitment to excellence.”