SOC Reporting Services
Verification and Assurance for Your Security and Controls
Does your organization process payments, host data or conduct other outsourced services for clients? Have you received questions about your security and controls? Do you need to provide verification to government regulators? A System and Organization Controls (SOC) report provides third-party peace of mind, universally satisfies compliance requirements and serves as a gold standard affirmation.
SOC reports are complex and cover a wide range of objectives and controls, so it is important to work with an assurance team well-versed in quality standards and reliable output. RKL’s assurance professionals combined have three decades of experience conducting SOC reports, and they can help you determine which type of SOC report works best for your requirements and goals.
SOC Report: Which Type Does Your Organization Need?
SOC 1
What is it? An assurance tool for controls related to financial reporting designed by the American Institute of Certified Public Accountants (AICPA).
Who needs one? Any organization that provides services that could have an impact on financial operations at another company.
What does it cover? At least six months of information that is material and impactful to the financial statement.
SOC 2
What is it? Also designed by AICPA, SOC 2 tests controls related to five principles of the Trust Services Criteria (security, availability, confidentiality, privacy, processing integrity).
Who needs one? Any organization that provides services to other companies that include the holding or processing of data or information on others’ behalf.
What does it cover? At least two months of technical controls for data storage and processing (not financial information).
SOC for Cybersecurity
What is it? Using the same Trust Services Criteria as the SOC 2, a framework designed to demonstrate the detailed design and controls for their cybersecurity management program.
Who needs one? Any organization that seeks or is required to demonstrate the effectiveness of their cybersecurity risk management program.
What does it cover? At least two months of technical controls for data storage and/or processing (not financial information).
SOC for Supply Chain
What is it? A reporting framework created to convey supply chain risk management efforts to stakeholders
Who needs one? Manufacturing and distribution organizations with complex supply chains, those handling sensitive customer data, or any that wish to demonstrate to clients, suppliers, and stakeholders that they have effective controls to manage and mitigate supply chain risks.
What does it cover? At least two months of technical controls for data storage and/processing (not financial information).
Why RKL for SOC Reporting?
Transparency
Each engagement starts with a review of existing reports to identify any gaps in prior SOC reports and align with management around objectives and controls that need to be tested. Without a previous report, we look at other process narratives, documents and established procedures to leverage existing efforts.
Timeliness
Whether you need a report related to financial statement preparation and review with a hard deadline or have your own internal timeline that needs to be met, our team will meet it without cutting corners to produce a thorough and reliable assurance opinion.
Quality
The AICPA sets high standards for SOC Reports and RKL uses those as the floor, not the ceiling. We are committed to delivering a comprehensive report that assuages security and safety concerns and drives ongoing value for your organization and your clients.
What Our Clients Say
“RKL has been an invaluable partner for our SOC 2 process and reporting. RKL has made our company more viable in negotiating and obtaining various contracts and improved our organizational process and operations. I would highly recommend RKL to any company seeking SOC reporting services.”
“As a longstanding client of RKL’s SOC services, we recommend them for any organization serious about their security posture. The RKL team’s professionalism and deep dive into our systems and processes are unparalleled. Their attentiveness and flexibility in scheduling have made collaboration seamless. Their engagement feels less like a routine audit and more like an insightful journey into improving our operations, with the end result being a comprehensive SOC report that truly reflects our commitment to excellence.”
