SOC examinations provide management with assurance regarding the effectiveness of an organization's internal controls, while also providing insights for opportunities to improve internal controls and risk mitigation activities.
Obtaining a SOC report has become increasingly relevant for organizations of all sizes, as the report demonstrates that effective internal controls and related safeguards have been implemented.
Does your organization need a SOC Report? Take our brief quiz to help answer the question.
Does your organization outsource or provide outsourced services for critical business functions or processes (e.g., payroll, collections, inventory management and logistics, claims processing, investment management, processing transactions, storing data) or information technology operations (e.g., managed service provider (MSP), infrastructure-as-a-service (IaaS) or data center)?
Do the financial statement auditors of your organization's customers (user entities) request System and Organization Controls (SOC) reports for your organization and/or request to perform audit procedures on your organization's activities for the services provided to customers?
Do contracts with your organization's customers or prospective customers require you to provide a System and Organization Controls (SOC) report or have a right to audit clause?
Do you receive requests from your customers or prospective customers to provide System and Organization Controls (SOC) reports?
Does your organization use or provide applications that are software-as-a-service (SaaS) or platform-as-a-service (PaaS)?
Does your organization store, process or transmit confidential information or sensitive data (e.g., personally identifiable information (PII), personal health information (PHI), proprietary customer information, credit cards) on behalf of customers?
Does your organization need assurance regarding information security and/or compliance requirements (e.g., HIPAA, HITRUST, PCI, FISMA, ISO 27001, etc.) or is your organization operating in a regulated environment?
Does management of your organization want to obtain assurance regarding the internal controls at your organization relative to security, availability, confidentiality, processing integrity and/or privacy?
p: 614.621.4060 f: 614.621.4062