System and Organization Controls (SOC) Reports
The SOC standard provides service organizations with an opportunity to build trust and confidence with their customers through an independent report on internal controls.
Request More Info
To speak to one of our professionals, fill out the form and we will be in contact shortly.
SOC reports are intended to provide comfort over processes and controls performed by the service organization and to ensure completeness and accuracy of data processed and/or to protect the confidentiality and privacy of the data being transmitted.
As an accounting firm with decades of experience dedicated to serving the financial services industry backed by professionals with Big 4 accounting firm experience, Richey May offers you the best of both worlds – all with a hands-on approach to client service.
Not sure which report you need? Refer to the AICA Brochure
Comparison of Reports
Why do I need a SOC Report?
For many service providers, the primary reason for engaging in a SOC audit is to satisfy a requirement imposed by a client or regulatory body. Customers expect their providers to provide them with assurance about policies, procedures, and controls that impact the services they buy.
When the need for an audit is not driven by a customer or regulatory requirement, service organizations may also choose to engage in an audit to build trust with their customers and their customers’ auditors by proactively demonstrating that they have established internal controls around the security of information and processing of customer data. A properly designed and executed audit helps to reduce or eliminate the need for customers to send their auditors to their service providers in order to gain comfort around internal controls.
Our Services
There are several different types of reports available to meet the needs of service organizations depending on the nature of services provided to their customers.
To better understand which SOC report is right for you, contact us below to talk to a consultant.
SOC 1
These reports are appropriate for service organizations who provide services to customers that are relevant to their internal controls over financial reporting.
SOC 3
Similar to a SOC 2 report, these reports are appropriate for service organizations whose customers need assurance regarding controls relevant to the security, availability, and processing integrity of the systems used to process data, but do not have the need or knowledge necessary to effectively use a SOC 2 report. In contrast to a SOC 1 or SOC 2 report, these are general use reports that can be freely distributed.
SOC 2
These reports are appropriate for service organizations who provide services relevant to the security, availability, and processing integrity of the systems used to process data, as well as the confidentiality and privacy of the data during processing.
SOC for Cybersecurity
These reports are appropriate for service organizations who have a need to communicate relevant, useful information about the effectiveness of their cybersecurity risk management program. Like the SOC 3 report, this is a general use report that can be freely distributed.