Tevora’s quality, comprehensive System and Organization Controls (SOC) assessments enable you to achieve and maintain SOC compliance, providing assurance to your business partners and clients.
The outsourcing of core and non-core functions to third-party service providers is helping businesses increase their efficiency and profitability. With this, the growing concern over enterprise risks that are difficult to identify, manage, and monitor has prompted organizations to require that third parties provide them with System and Organization Controls (SOC 1, 2, or 3) reports. These reports are intended to help organizations understand the internal controls present at third-party service providers.
Our consultants provide extensive security knowledge and can test against both strategic and technical concepts to ensure your SOC report is defensible and accurate.
The SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to user entities’ internal control over financial reporting. This information is useful when an audit of an individual user entity’s financial statement occurs. The SOC 1 report follows guidelines from the AICPA’s Statement on Standards for Attestation Engagements No. 18 (SSAE 18, formerly SSAE 16).
The SOC 2 reports address controls at a service organization related to the Trust Service Principles (TSPs) of security, availability, processing integrity, confidentiality and privacy. Use of these reports is restricted. The SOC 2 reports follow AT Section 101.
SOC 3 reports address the same subject matter as SOC 2 reports but the use of these reports is not restricted. These reports may be used by anyone and can be posted on a website under a seal. To allow for public use, the report is typically redacted to remove any proprietary and confidential information.
At Tevora, we assist organizations in preparing these SOC reports using a three-phased approach:
1. SOC Readiness Assessment
We establish the scope of the attestation, evaluate the current state versus the desired state, and provide treatment recommendations.
- Writing security policies
- Implementing security controls
- Providing business process reengineering recommendations
3. SOC Attestation
Our consultants will assess your organization’s adherence to the SOC control requirements and work with you to ensure the report reflects accurate system boundaries, tone, design and implementation of processes.