Skip to main content

Service and Organization Controls (SOC)
​Assurance Report

Give your customers confidence about your ability to protect their data

Service and Organization Controls report

 Whether under American Institute of CPAs (AICPA) SSAE18, UK’s ISAE3000, or NZ’s SAE3150, a Service and Organization Controls (SOC) assurance report provides your customers insight into your organisation and assurance on the controls of your organisation. A SOC report can cover several control areas, ranging from governance, communication and risk management to technical security and privacy controls.

​AICPA SOC2 Certification

SOC is the gold standard among the security and privacy certifications. It is highly recommended when you want to expand your business to overseas customers, especially to the USA. Our team will help you in implementing SOC1, SOC2 and SOC3 in a highly cost-effective way

Book a Free Consultation

When do you need a SOC report?

If you offer your services through your cloud (SaaS or IaaS) platform to your customers. Your customers might require you to have a SOC report as a service provider to have confidence and assurance in your controls to protect their data. In most cases, these customers are in the USA or have ties with the USA and sometimes the UK. Another reason you might want to pursue a SOC assurance statement is to attract more customers from the USA or UK. A SOC report, based on SAE 3402 or SSAE 16, is a powerful marketing instrument to attract the attention of customers, especially from these countries.

SOC 1,2 or 3 model?

 Depending on the needs of your customers you can choose to pursue a SOC 1,2 or 3 assurance report. Note that SOC 3 is just a stripped public version of SOC1 or SOC2 that you can obtain after getting a SOC1 or SOC2 assurance report.

Purpose of SOC reportWhich controls are covered in your report
SOC1Assurance for your customers financial statementsControls relevant to your customers financial reporting
SOC2Assurance to customers or other stakeholders on Security, Confidentiality, Processing integrity, Availability and/or Privacy Controls on Security, Confidentiality, Processing integrity, Availability and/or Privacy
SOC3To provide potential customers and the public assurance on your controls General information on Security, Confidentiality, Processing integrity, Availability and/or Privacy 

Report on Testing
Type 1
Description of organisation’s systems and control objectives
The auditor’s opinion on the fairness of that description
The auditor’s opinion on the design of controls to achieve the control objectives
At a specific point in time
Type 2Description of organisation’s systems and control objectives
The auditor’s opinion on the fairness of that description
The auditor’s opinion on the design of controls to achieve the control objectives
The auditor’s opinion on the operating effectiveness of the implemented controls to achieve the control objectives
Over a period, usually 6 months

Type 1 or 2?

 Besides the above-mentioned SOC models, there are two levels of assurance you can choose from for each of the models.
Book a Free Consultation

Method

 Achieving a SOC assurance statement might seem to be an expensive and daunting process. But it really doesn’t have to be. We have developed an efficient method to help you achieve your SOC aspirations or obligations.

Next Steps

We provide you a free consultation to explain what SOC means to you, whether it is the best choice for your business and how that relates to your other certifications or compliance obligations. Contact us here for a free consultation.

Book a Free Consultation