System and Organization Controls: SOC Suite of Services
System and Organization Controls (SOC) is a suite of service offerings CPAs may provide in connection with system-level controls of a service organization or entity-level controls of other organizations. Learn more about the SOC suite of services offerings here.
System and Organization Controls: SOC Suite of Services
The SOC suite of services includes the following SOC engagements:
- SOC 1® - SOC for Service Organizations: ICFR. To provide management of the service organization, user entities, and the independent auditors of user entities’ financial statements with information and a services auditor’s opinion about controls at a service organization that are likely to be relevant to user entities’ internal control over financial reporting.
- SOC 2® - SOC for Service Organizations: Trust Services Criteria. To provide service organization management, user entities, business partners, and other parties with information about controls at the service organization relevant to security, availability, processing integrity, confidentiality, or privacy to support users’ evaluations of their own systems of internal control.
- SOC 3® - SOC for Service Organizations: Trust Services Criteria for General Use Report. To provide interested parties with a service auditor’s opinion about the effectiveness of controls at the service organization relevant to security, availability, processing integrity, confidentiality, or privacy.
- SOC for Cybersecurity. To provide general users with useful information about an entity’s cybersecurity risk management program for making informed decisions.
- SOC for Supply Chain. To provide specified users with information about the controls within the entity’s system relevant to security, availability, processing integrity, confidentiality, or privacy to enable users to better understand and manage the risks arising from business relationships with their supplier and distribution networks.