Service Organization Controls (SOC) Audit
More often than ever, customers are requesting information regarding the security, availability, and confidentiality controls for their vendors. Service organizations are having to respond to security questionnaires from their clients, which is costing them time and money. Clearview Group is a leader in providing SOC reports for service organizations so they can provide assurance to their customers through a single, consistent message.
What is a SOC Report?
There are three types of SOC Reports.
|Type||What It Reports On||Who Uses It|
|SOC 1||Internal controls over financial reporting||User’s auditors and users’ controller’s office|
|SOC 2||Security, availability, processing, integrity, confidentially or privacy controls||Customer, management, regulators, 3rd parties|
|SOC 3||Security, availability, processing, integrity, confidentially or privacy controls||Publicly available|
What It Reports On: Internal controls over financial reporting
Who Uses it: User’s auditors and users’ controller’s office
What It Reports on: Security, availability, processing, integrity, confidentially or privacy controls
Who Uses It: Customer, management, regulators, 3rd parties
What It Reports On: Security, availability, processing, integrity, confidentially or privacy controls
Who Uses It: Publicly available
Clearview offers audits and readiness assessments across all three report types. We can also help clients understand which SOC report is right for them, ensuring they meet their internal and external audit needs as efficiently as possible.
Why get a SOC Report?
The Service Organization Controls (SOC) report provides assurance on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. They are intended to be read by companies that outsource the operation, collection, processing, transmission, storage, organization, maintenance and disposal of information to a third party .. As a service organization, SOC 2 reports:
- Save time and money on responding to client security questionnaires
- Build trust with your clients
- Satisfy contractual requirements
- Provide insight to management, governance committees, investors, etc. on how the company is managing risk
SOC Readiness Assessment
Clearview offers a comprehensive SOC readiness assessment program that prepares companies for undergoing SOC audits. The assessment focuses not only on controls and processes but also on educating our clients on the various requirements related to SOC reporting. Whether it’s understanding the sections in SSAE18 or the principles and criteria in TSP 100, we make sure our clients understand SOC requirements. This helps to ensure SOC reports are of exceptional quality. We also take the time to guide our clients in the creation of the system description, an often lengthy and detailed narrative of the people, processes, and technology that support the product or services under review.
Our team of professionals are not only subject matter experts in industry leading technologies, control frameworks, and regulatory requirements but also especially adept at running efficient and effective projects that add the highest possible value for our clients.
At Clearview, our assessment objective extends beyond providing a review of SOC controls. We believe that a quality audit should yield useful information for management and be a valuable tool in recognizing opportunities and identifying areas that can be strengthened. In every engagement, we commit to:
- Proactive and constant communication
- Detailed timelines for milestone and key deliverables
- The achievement of the required results of any independent audit, but in a consultative manner, providing real business insight to help your business grow and thrive
- Focusing on what really matters and address key issues early
- Delivering as early as possible, in coordination with your schedule, so that work is completed well in advance of deadlines
We adhere to the highest standards of quality as evidenced by:
- Member of the AICPA Center for Audit Quality
- Registered with the Public Company Accounting Oversight Board
- Member of the AICPA Employee Benefit Plan Audit Quality Center
- Enrolled as a peer reviewer in the AICPA Peer Review program