SOC Examinations

Clear, thorough, and cooperative SOC examinations.

Provide a higher level of confidence to clients and prospects with one of the System and Organization Controls (SOC) examinations (formerly Service Organization Controls). With a clear, thorough, and collaborative approach, experienced auditors work with clients to consult and document processes that adhere to guidelines for the various types of SOC examinations. A SOC examination allows clients to project confidence and provide independent assurance to current customers, prospects, and their financial statement auditors that processes and controls are sound.

SOC audit - AICPA SOC for Service Organizations

SOC for Service Organizations

These internal controls reports provide valuable information that users of outsourced services need to assess and respond to the risks over services provided by service organizations.

Key issues like security, availability, confidentiality, processing integrity, and privacy are reviewed and documented.

  • SOC 1:  SOC for Service Organizations – Internal Control over Financial Reporting. The performance and reporting requirements for an examination of controls at a service organization that are likely to be relevant to user entities’ internal control over financial reporting.
  • SOC 2:  SOC for Service Organizations – Trust Services Criteria. The performance and reporting requirements for an examination of controls at a service organization relevant to one or more of the following principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
    • SOC 2 for HITRUST: Designed for service organizations that desire to use the SOC 2 reporting framework to leverage both the SOC 2 Trust Services Principles and the HITRUST Common Security Framework (CSF). See our other HITRUST Services.   
  • SOC 3:  SOC for Service Organizations – Trust Services Criteria for General Use Report. The performance and reporting requirements for an examination of controls at a service organization relevant to one or more of the following principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy resulting in a general use report.

SOC for Cybersecurity

The performance and reporting requirements for an examination of an entity’s cybersecurity risk management program and related controls based on the AICPA cybersecurity reporting framework. The SOC for Cybersecurity report provides information to a broad range of stakeholders. See our other Cybersecurity Services.

SOC for Supply Chain

A voluntary reporting framework for entities that produce or distribute products. The SOC for supply chain report provides a common framework for organizations to describe their supply chain risk management efforts.

Need a SOC examination?

Even if you’re unsure which one suits your needs, simply complete the form below and one of our professionals will contact you:

SOC exams for service organizations
Learn what the different types of SOC audits are, why your service org might need one and what the benefits are
Download white paper
SOC examinations
SOC examinations
Download PDF
SOC exams for user entities
Everything you need to know about SOC audits, from when to ask a service provider for one to how to read an SOC report
Download white paper
Featured Insight

3 risks of going with the low-cost SOC audit provider

SOC audit cost can vary between providers, and that’s mostly due to service, value and quality. There are three benefits to going with a high-service provider.