Additional SOC Resources
If you’re a growing service organization, whether a technology provider, financial services corporation, healthcare company, or professional services firm, chances are you need a Service Organization Controls (SOC) report. After all, many of today’s Requests for Proposals (RFPs) are now requiring them, a result of increased scrutiny over third-party controls and legislative requirements such as the Sarbanes-Oxley Act of 2002 (SOX). SOC reports have also become a competitive necessity in many industries, essential to gaining client trust in your processes and controls.
However, the type of SOC report needed—as well as the benefits, components, and requirements of each—are not always clear. Furthermore, the nature and professional standards associated with SOC 1, SOC 2, and SOC 3 reports are continually evolving, leading to confusion on the part of not only service organizations, but also user entities (clients). In the following resources, we break down the evolution of SOC reports, a comparison of the report types, common questions and confusion, and details about the audit process. We discuss the value of information provided by each report in the following resources: