SOC reporting provides your customers with the assurance they want or require as a condition of doing business with you. In addition, a well-designed SOC program is an effective means to identify and manage financial, operational, system, and/or cybersecurity risk through one or more of the following AIPCA SOC Suite of Services:
SOC FOR SERVICE ORGANIZATIONS
SOC FOR CYBERSECURITY
Introduced by AICPA in April 2017, this report is similar to a SOC 2, but it is intended for a broader audience (your customers and their auditors) that are interested in knowing about your company’s risk management program for cybersecurity, including information about your systems, processes and controls for detecting, preventing and responding to breaches.
SOC FOR VENDOR SUPPLY CHAINS
Introduced in April 2017, this currently is in process of being developed by the AICPA, who indicates that this is “an internal controls report on a vendor’s manufacturing processes for customers of manufacturers and distributors to better understand the cybersecurity risk in their supply chains”. FGMK will provide additional information as it becomes available from the AICPA.
FGMK SOC EXAMINATION AND REPORTING SERVICES
FGMK understands how critical your projects and programs are to your organization’s success. Our experience and knowledge allow us to create efficient and effective reporting processes that include the following SOC services:
READINESS – we help you identify and document controls to meet your objectives. We have the tools, templates and experience to help you right size your SOC solution according to your requirements. We leverage our deep understanding of business processes and information technology to assist you in identifying controls to mitigate risks in your environment.
EXAMINATION – we perform our SOC examination under the guidance of the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements No. 18 (SSAE No. 18). Our experienced SOC professionals make the examination easier for you from planning through completion. We leverage our tools and templates to execute our controls testing in an efficient and effective manner so you can stay focused on running your business. We understand that SOC reports are a reflection of both your service organization and FGMK, so we focus on preparing SOC reports you will be proud to share with your customers.
TECHNOLOGY – regardless of the type of SOC report your company needs, information technology systems and security are at the core. We combine technology and IT audit skills with the knowledge necessary for a complete SOC strategy. We also draw on the resources of our technology company, Netrix, that provides complete technology design and implementation solutions.
View more Thought Leadership articles from FGMK