Service Organization Control (SOC) Reports

Best Practice Expertise That Provides A Competitive Edge

As a service provider seeking to differentiate yourself from your competitors, you understand the importance of demonstrating the establishment and effective operation of internal controls for your customers.  SC&H Group can provide guidance as to which type of organization control report(s) your customers and their auditors need.

Applicable… SOC-1 SOC-2 SOC-3
Standard SSAE 16: AICPA Guide (2011) AT 101: AICPA Guide (2011) AT101: Technical Practice Aid
Controls Internal Controls over Financial Reporting Security/Systems, Privacy Security/Systems, Privacy
Controls reference Undefined Trust Services Principles/GAAP Trust Services Principles/GAAP
Usage of Report User auditor, management of service organization, management of user Knowledgeable parties (see AT 101) Anyone

SC&H has significant audit expertise with SOC reporting frameworks. The SC&H audit team can address compliance mandates for reporting on controls at regulated service organizations:

Whether conducting the audit or working with other auditors, SC&H’s SOC audit practice works closely with a company’s auditing process, providing best practices assurance for thorough and timely reporting.