
System and Organization Controls (SOC) Reporting

SOC reporting provides your customers with the assurance they want or require as a condition of doing business with you. In addition, a well-designed SOC program is an effective means to identify and manage financial, operational, system, and/or cybersecurity risk through one or more of the following AICPA SOC Suite of Services:

SOC FOR SERVICE ORGANIZATIONS

  • SOC 1®: Formerly SAS 70 / SSAE 16, this is an examination of internal controls over financial reporting that is based on AICPA’s guidance for auditors, SSAE 18. This is intended to be a report from the service organization’s auditor to its customers’ auditor.
  • SOC 2®: This is an examination of operational or compliance controls (not solely financial reporting) that is focused on one or more key system attributes of security, availability, processing integrity, confidentiality, and privacy (Trust Services Criteria), depending on what is relevant and important to your customers. Also based on AICPA’s guidance for auditors, SSAE 18, this is intended to be a report from the service organization’s management to its customers’ management (not auditor to auditor).
  • SOC 3®: SOC 3® examinations are the same as SOC 2® with the exception that the report does not include management’s detailed description of processes and systems, and the company can place a publicly visible SOC seal on its website with a link to the report on the stated key system attributes of security, availability, processing integrity, confidentiality, and privacy.

SOC FOR CYBERSECURITY

Introduced by AICPA in April 2017, this report is similar to a SOC 2®, but it is intended for a broader audience (your customers and their auditors) that is interested in knowing about your company’s risk management program for cybersecurity, including information about your systems, processes and controls for detecting, preventing and responding to breaches.

SOC FOR VENDOR SUPPLY CHAINS

Introduced by the AICPA in March 2020, SOC for Supply Chain is a voluntary framework that might be the most efficient approach for your organization to:

  • Communicate information to your customers about your manufacturing, production, and/or distribution systems, as well as the effectiveness of your controls to mitigate supply chain risks; and
  • Obtain information from your suppliers to gain an understanding of the risks of doing business with them.

Prior to SOC for Supply Chain, most organizations would typically rely on a variety of non-standard and other sources to obtain an understanding of supply chain risks: information provided by the suppliers themselves, the organization’s internal auditor findings from assessments performed at each (or key) supplier, or other programs such as International Organization for Standardization (“ISO”) certification.

FGMK SOC EXAMINATION AND REPORTING SERVICES

FGMK understands how critical your projects and programs are to your organization’s success. Our experience and knowledge allow us to create efficient and effective reporting processes that include the following SOC services:

EXAMINATION – We perform our SOC examination under the guidance of the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements No. 18 (SSAE No. 18). Our experienced SOC professionals make the examination easier for you from planning through completion. We leverage our tools and templates to execute our controls testing in an efficient and effective manner so you can stay focused on running your business. We understand that SOC reports are a reflection of both your service organization and FGMK, so we focus on preparing SOC reports you will be proud to share with your customers.

READINESS – We help you identify and document controls to meet your objectives. We have the tools, templates and experience to help you right-size your SOC solution according to your requirements. We leverage our deep understanding of business processes and information technology to assist you in identifying controls to mitigate risks in your environment.

TECHNOLOGY – Regardless of the type of SOC report your company needs, information technology systems and security are at the core. We combine technology and IT audit skills with the knowledge necessary for a complete SOC strategy. We also draw on the resources of our technology company, Netrix, which provides complete technology design and implementation solutions.

Michael H. Becker

847.964.5342
