System and Organization Control (SOC) Options

Today, it is common for entities to outsource business tasks or functions to service organizations, even those that are core to an entity’s operations.  Although user entities may rely on a service organization to perform outsourced tasks or functions, the user entity retains responsibility for the service it provides to its customers, even if those services are affected by the work performed by a service organization.  For that reason, user entities may seek assurance regarding a service organization’s controls intended to protect the service organization, user entities, and customers of the user entities from the potential risks associated with these services.

Click here to learn why maintaining the security of customer data may win (or lose) business. 

It is vital that service organizations demonstrate adequate controls and safeguards when they host or process data belonging to their user entities. System and Organization Control (SOC) engagement reports help build trust and confidence in those controls, processes and safeguards. The SOC team at Smith & Howard can help your entity build that confidence and trust with your customers by offering several SOC engagement and reporting options based on your needs and the services you provide.

SOC 1 – Reporting on Internal Controls over Financial Reporting

SOC 2 – Reporting on Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

SOC 3 – General Use Report on Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

SOC for Cybersecurity – Reporting on Controls Relevant to an Entity’s Cybersecurity Risk Management Program

SOC for Vendor Supply Chains – Coming this year

Benefits of SOC reports include:

  • Increased ability to market to, attract and retain quality customers
  • Satisfaction of external audit requirements
  • Documentation of internal control structure
  • Increased customer confidence
  • Enhanced risk management
  • Compliance with regulatory requirements

Examples of businesses that would benefit from SOC reports include:

  • Health care claims management and processing
  • Credit card payment processors
  • Payroll companies
  • Fulfillment and logistics businesses
  • Debt collection agencies
  • Bill payment processors
  • Investment managers
  • Third Party Administrators (TPAs)
  • Telecommunication businesses
  • Technology related services, including Software as a Service providers, data ceneters, hosting and technology services

Choosing the right professionals to serve your SOC reporting needs is a critical element of success. To learn more about our SOC team or for more specific information about which SOC report might be right for you and your business, please fill out the contact form below or call Marvin Willis or Debbie McGlaun at 404-874-6244.

Related News and Media

Questions? Contact Us

With real-world CFO experience on our team, we bring a true understanding of the issues C-level executives face.

J. Sean Spitzer

Partner