Assure Your Clients and Partners You’re Protecting Their Information
The purpose of a system and organization control (SOC) report is to provide reassurance that an organization’s internal controls and safeguards are effective. They are considered attestation reports.
Publicly traded companies as well as those with regulatory requirements, like companies in the finance or healthcare industries, are required to get SOC reports from companies they work with closely. There are a few variations of the SOC reports – you can find out more about them on our FAQ page.
We’ll cover SOC 1 here. You might be asked to provide a SOC 1 report if your clients outsource services to you that can materially impact their financials.
There are two types of SOC 1 reports available:
- SOC 1, Type I – A look at whether controls are properly designed, in place, and documented as of a certain point in time. This type focuses on testing the design of a service organization’s controls and not its operating effectiveness.
- SOC 1, Type II – A look at whether controls are properly designed, in place, and both documented and effective across a period of time – typically at least 3 months. This is the report auditors believe provides the assurance needed over the outsourcer’s finances.
If you’re getting requests from your customers about your internal controls over financial reporting, they’re looking for a SOC 1 report to document that you have effective internal controls in place to protect their financials.
When you get requests for a SOC 1 report, reach out to see which version you need and how we can help you complete it accurately.