System and Organization Controls (SOC) AttestationIt is important for service organizations to exhibit their commitment to internal controls.
System and Organization Controls (SOC) Report/Attestation Services:
In today’s market, it is important that service organizations exhibit their commitment to internal controls. A System and Organization Controls (SOC) report demonstrates this commitment to a service organization’s customers.
Our Risk Advisory and Compliance Services professionals perform SOC services for a variety of industries. When you choose Moore Colson to perform your SOC 1, 2 and 3 readiness and attestation services, you will have a team of professionals with years of SOC reporting experience.
- SOC 1, 2 and 3 Readiness Services
- SSAE 18 / SOC 1 type 1 and SOC 1 type 2 examinations and reports
- SOC 2 type 1, SOC 2 type 2, and SOC 3 examinations and reports based upon AICPA Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
The chart below provides information on the different types of SOC reports:
- Understanding the service organization
- Evaluating control objectives and controls
- Testing of controls (type 2 only)
- Evaluating management’s description and controls
Differentiators and Relevant Experience:
- Corporate Model: Moore Colson operates under a corporate model, meaning we are able to match our best people (and appropriate skill sets) with the right tasks in an unencumbered fashion. Our clients receive the best Moore Colson has to offer, and we take exceptional care to maintain our processes, standards and procedures on each engagement.
- True Partnership: Moore Colson strives to be a true business partner as opposed to just your auditor. We will invest the time and effort to fully understand your business needs, as well as your audit requirements to better serve your needs.
- Active Partner/Director Involvement: Moore Colson Partnership methodology requires heavy involvement from our Partner and Director levels. We staff our engagements with partners and directors throughout the project life cycle.
- We know SOC and Internal Controls: Moore Colson Risk Advisory and Compliance Service (RACS) team members have completed over one hundred SOC engagements for clients. Our clients have included but are not limited to companies in industries such as:
• Software as a Service (SaaS) / Application Service Providers
• Cloud / Hosting services
• Investment management
• Retirement plan services
• Healthcare technology
• Payroll providers
• Electronic payment solutions
• Claims processing and management, and related solutions
• Third party administrators
- Understanding SOC Reporting: 4 Frequently Asked Questions
- SOC 2 Reporting Guidance Update
- Exploring SOC for Supply Chain: What Your Business Needs to Know
- Understanding Your Service Provider’s SOC 1 or SOC 2 Report
- SOC Reporting: Exploring the Definition of Vendors vs. Subservice Organizations