SOC Reporting
System and Organization Controls
Understand Data Risks You May Face
If your company interacts with the personal data of your client's customers (e.g., financial transactions, personal identification information, or electronic health data), then you need to know-and your clients need to trust-that you're safeguarding that data just as they would.
A System and Organization Control (SOC) report helps you understand any risks you may face as you steward your client's data and whether your controls are sufficient. SOC reporting, developed by the American Institute of Certified Public Accountants (AICPA), provides the criteria CPAs use to evaluate the design and effectiveness of your systems and controls.
Providing a Level of Assurance to Your Clients
An effective SOC will do more than provide a level of assurance to your clients, it will help you improve your business. We understand how to work with small to mid-size companies and will tailor our advice to make sense for your size, structure and resources.
SOC 1
SOC 1 focuses on your company's controls over financial reporting to your clients.
SOC 2
SOC 2 focuses on your company's controls relevant to five Trust Service Principles: security, privacy, availability, confidentiality and processing integrity of your client's customer data. It is typically provided to a company's clients, regulators or other stakeholders.
SOC 3
SOC 3 is similar to SOC 2 in that it provides the auditor's opinion on whether your controls meet the five Trust Services criteria, but it does not include detailed descriptions of the tests performed or your systems and is suitable for sharing with any interested party.
WBL Certifications
