skip to main content

SOC Reporting Services

SOC Reporting Services

Verification and Assurance for Your Security and Controls

Does your organization process payments, host data or conduct other outsourced services for clients? Have you received questions about your security and controls? Do you need to provide verification to government regulators? A System and Organization Controls (SOC) report provides third-party peace of mind, universally satisfies compliance requirements and serves as a gold standard affirmation.

SOC reports are complex and cover a wide range of objectives and controls, so it is important to work with an assurance team well-versed in quality standards and reliable output. RKL’s assurance professionals combined have three decades of experience conducting SOC reports, and they can help you determine which type of SOC report works best for your requirements and goals.

SOC Reporting Services

SOC Report: Which Type Does Your Organization Need?

SOC 1

What is it? An assurance tool for controls related to financial reporting designed by the American Institute of Certified Public Accountants (AICPA).

Who needs one? Any organization that provides services that could have an impact on financial operations at another company.

What does it cover? At least six months of information that is material and impactful to the financial statement.

SOC 2

What is it? Also designed by AICPA, SOC 2 tests controls related to five principles of the Trust Services Criteria (security, availability, confidentiality, privacy, processing integrity).

Who needs one? Any organization that provides services to other companies that include the holding or processing of data or information on others’ behalf.

What does it cover? At least two months of technical controls for data storage and processing (not financial information).

 

 

SOC Reporting ServicesSOC Reporting Services

SOC for Cybersecurity

What is it? Using the same Trust Services Criteria as the SOC 2, a framework designed to demonstrate the detailed design and controls for their cybersecurity management program.

Who needs one? Any organization that seeks or is required to demonstrate the effectiveness of their cybersecurity risk management program.

What does it cover? At least two months of technical controls for data storage and/or processing (not financial information).

SOC for Supply Chain

What is it? A reporting framework created to convey supply chain risk management efforts to stakeholders

Who needs one? Manufacturing and distribution organizations with complex supply chains, those handling sensitive customer data, or any that wish to demonstrate to clients, suppliers, and stakeholders that they have effective controls to manage and mitigate supply chain risks.

What does it cover? At least two months of technical controls for data storage and/processing (not financial information).

SOC Reporting ServicesSOC Reporting Services

Why RKL for SOC Reporting?

Tax Services Icon

Transparency

Each engagement starts with a review of existing reports to identify any gaps in prior SOC reports and align with management around objectives and controls that need to be tested. Without a previous report, we look at other process narratives, documents and established procedures to leverage existing efforts.

Timeliness

Whether you need a report related to financial statement preparation and review with a hard deadline or have your own internal timeline that needs to be met, our team will meet it without cutting corners to produce a thorough and reliable assurance opinion.

Quality

The AICPA sets high standards for SOC Reports and RKL uses those as the floor, not the ceiling. We are committed to delivering a comprehensive report that assuages security and safety concerns and drives ongoing value for your organization and your clients.

SOC Reporting Services

Related Articles