What is a SOC Report and Who Needs One?

What are SOC reports?

System and Organization Controls (SOC) reports, formerly Service Organization Control reports, are examinations provided by CPAs in connection with system-level controls of a service organization or entity-level controls at other organizations. These engagements are performed in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, which is a professional standard promulgated by the American Institute of Certified Public Accountants (AICPA).

Who needs a SOC report?

A SOC report is often requested by organizations (user entities) that receive significant services from a service organization and the user entities’ auditors (user auditors). Reasons why organizations or their auditors might request to review a SOC report include:

  • Organizations need assurance regarding effective internal control as it relates to SOX, applicable trust services principles and/or categories, HIPAA, PCI, HITRUST and/or other laws, regulations or frameworks.
  • User entities (and prospective users) need transparency regarding a system providing services, and assurance that relevant inherent risks are effectively mitigated (i.e., vendor risk management).
  • Other organizations may need to provide their users with useful information about their cybersecurity risk management program in order for their users to make informed decisions.

About Schneider Downs
SOC Services 

Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients' expectations. If you are interested in learning how we can assist your organization, please contact us to get started or view more SOC FAQ's at www.schneiderdowns.com/soc-report-faq

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
SOC 2 – The Importance of Leadership Buy-In
What’s the Difference Between SOC 1 and SOC 2 Reports?
M&A Activity on the Rise in 2021
Benefits of a System and Organization Controls (SOC) Report
Earnouts in Today’s Environment
How Internal Audit Can Assist with SOC Reviews at Higher Education Institutions
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

[email protected]
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

[email protected]
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102

[email protected]
p:571.380.9003

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×