Close desktop login portal

Client Login

Select one of the portals below and login with your credentials

Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Mobile menu toggle
Back to menuBack to menu
Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

System and Organization Controls (SOC) Reports

The SOC standard provides service organizations with an opportunity to build trust and confidence with their customers through an independent report on internal controls.

AICPA SOC Logo

Why do I need a SOC Report?

For many service providers, the primary reason for engaging in a SOC audit is to satisfy a requirement imposed by a client or regulatory body. Customers expect their providers to provide them with assurance about policies, procedures, and controls that impact the services they buy.

When the need for an audit is not driven by a customer or regulatory requirement, service organizations may also choose to engage in an audit to build trust with their customers and their customers’ auditors by proactively demonstrating that they have established internal controls around the security of information and processing of customer data. A properly designed and executed audit helps to reduce or eliminate the need for customers to send their auditors to their service providers in order to gain comfort around internal controls.

Our Services


There are several different types of reports available to meet the needs of service organizations depending on the nature of services provided to their customers.

 

To better understand which SOC report is right for you, call (303) 721-6131 to talk to a consultant.

SOC 1

These reports are appropriate for service organizations who provide services to customers that are relevant to their internal controls over financial reporting.

SOC 2

These reports are appropriate for service organizations who provide services relevant to the security, availability, and processing integrity of the systems used to process data, as well as the confidentiality and privacy of the data during processing.

SOC 3

Similar to a SOC 2 report, these reports are appropriate for service organizations whose customers need assurance regarding controls relevant to the security, availability, and processing integrity of the systems used to process data, but do not have the need or knowledge necessary to effectively use a SOC 2 report. In contrast to a SOC 1 or SOC 2 report, these are general use reports that can be freely distributed.

SOC for Cybersecurity

These reports are appropriate for service organizations who have a need to communicate relevant, useful information about the effectiveness of their cybersecurity risk management program. Like the SOC 3 report, this is a general use report that can be freely distributed.

Not sure which report you need? Refer to the AICPA Brochure

Comparison of Reports

Table with Scope, Purpose and Users

 

 

 

Request more info

To speak to one of our professionals, fill out the form and we will be in contact shortly.