Delivering Assurance and Structure

System and Organization Controls (SOC) reports are valuable tools for your organization to provide assurance to your customers. There are three different types: SOC 1, SOC 2, and SOC 3. In addition, a SOC Readiness Assessment is available prior to conducting a full SOC 1 or 2 engagement.

SOC Readiness Assessment

If you need a SOC report for the first time, we recommend starting with a SOC readiness assessment. During a readiness assessment, we will evaluate your preparedness through reading policies and procedures, assessing the design of your system, and determining if controls have been implemented to meet each of the control
objectives or trust services criteria. You will then have time to remediate any deficiencies identified prior to commencing a SOC 1 or SOC 2 engagement.

SOC Reports Defined

SOC 1 reports provide your customers with assurance over the financial controls in place at your organization. There are two types:

  • Type I report is that of an audit held on a specific date
  • Type II report is more rigorous and is based on the testing of controls over a period of time

SOC 2 reports provide your customers with assurance over the controls in place at your organization relevant to the 5 Trust Services Categories (TSCs) established by the American Institute of Certified Public Accountants (AICPA). TSCs include: security, availability, processing integrity, confidentiality, or privacy. There are also two types:

  • Type I confirms that controls are in place
  • Type II confirms that controls are in place and effective

SOC 3 reports focus on TSCs, but contain less detail as test results and opinions are not included in the report. A SOC 3 report is considered a general use report and can be used as marketing material.

Key Benefits of a SOC Report or Assessment

  • Builds trust with customers and prospects
  • Can be utilized as marketing material to gain a competitive advantage
  • Streamlines your processes
  • Identifies deficiencies in your systems, processes, and controls

AICPA - SOC logo

System & Organization Controls (SOC) Reports Team

Director Rosemary Rehner Headshot Rosemary Rehner CPA, CEPA · Director
Ryan Bidlack Headshot Ryan N. Bidlack · IT Principal
Ryan P. Arlia CPA · Senior Manager
2023_IPA 300