Businesses rely on service providers to protect and safeguard private, confidential or other sensitive information that they choose to share with them. This necessitates some level of assurance that the service provider is maintaining a sound control environment. AICPA’s SOC framework allows service providers to demonstrate their compliance with established, standard guidelines regarding Information Security, Processing Integrity, Confidentiality, Availability and Privacy.
It is important to note that not every SOC report is the same and we will work with you to customize a report and approach that is sufficient and appropriate to meet your precise and unique needs.
An audit of internal controls over financial reporting. Think of it like this: if the service you perform provides a number that affects the financial status of your customer, this might apply to you.
An audit over one to all five of the Trust Services Principles (TSPs). What are the TSPs? Security, Availability, Processing Integrity, Confidentiality, and Privacy. (This audit is typically very IT focused.)
Similar to a SOC 2 audit, this covers IT controls related to Security, Availability, Processing Integrity, Confidentiality, and Privacy, but presents less detail about internal processes and the results of the auditor’s testing, and is most generally used for marketing purposes.
As digital security breaches continue to pop up around the world, this new SOC report focuses on highlighting an organization’s efforts to prevent, monitor and effectively handle any cyber security threats.
Before having a SOC audit performed, it may be appropriate for an organization to learn more about itself and the controls it currently has in place, while also preparing it for the actual execution of a SOC report.
Our clients include businesses that process, manage, store, and connect to private, confidential and sensitive information of others, and that require a strong, multi-faceted CPA firm to provide assurance to their customers and others, via the SOC framework, that they are complying with the standard guidelines above.