SOC 2 reports provide detail on controls at a service organization covering security, availability, processing integrity, confidentiality or privacy. Its use is generally restricted to certain identified users who, among other things, have some knowledge of the nature of the services that the service organization provides. The SOC 2 report can offer greater assurance to customers and stakeholders about internal controls in areas that were not meant to be covered by a SAS 70 report.
By receiving a SOC 2 compliance documentation, your organization differentiates itself from other service organizations by demonstrating its effective financial strategy and establishing itself as a professionally designed internal corporate governance and overseer. This in-depth report allows customers and/or stakeholders to gain confidence and place their trust in your company because of its efforts to provide transparency.
There are two types of SOC 2 compliance reports. The first, Type I, is a report regarding the accurate presentation of management’s description of the service organization’s system and the suitability of the design of controls to meet the applicable trust services criteria as of a specified date. The second option, Type II, is a report that showcases the information found in Type 1, but with a new focus on the effectiveness of the controls to meet the applicable trust services criteria throughout the specified period.
This report offers limited use and is primarily geared toward parties that are already knowledgeable about the nature of your provided service, along with the complementary user entity controls and how they interact with the related controls of your service organization. The firms requesting more information are also interested in how your organization’s system interacts with user entities, sub-services organizations and other third party affiliates. Those using this report will also find your organization’s internal control capabilities and limitations, along with the criteria and how the controls address those criteria.
For more information regarding the Holbrook & Manter SOC 2 services and reports, contact us today.