Service Organization Reports (SOC)

SOC 1, SOC 2 & SOC 3: SAS 70 / SSAE 16 Audit Reports

Formerly SAS 70 audit reports, the American Institute of Certified Public Accountants has rebranded reports that Service Organizations may need to undergo as Service Organization Reports or "SOC". SOC 1, SOC 2 and SOC 3 reports are described below.

Three types of SOC reports exist to meet the individuals' needs of the users of the report and the compliance needs of the service oganization:

SOC 1 Report - Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting. 

This is also known as a Statement on Standards for Attestation Engagements No. 16 or SSAE 16. Please click here to learn more about our SOC 1: SSAE 16 Examination Services. 

SOC 2 Report - Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting.

This report is to be used to meet the needs of a broad range of users that need to understand internal control at a service organziation as it relates to security, availability, processing integrity, confidentiality and privacy.  Please click here to learn more about our SOC 2 Report Services. 

SOC 3 Report - Trust Services Report for Service Organizations.

The report is intended for users who desire assurance on the controls at a service organization related to the security, availability, processing integrity, confidentiality, or privacy but do not have the need for a SOC 2 Report.  Please click here to learn more about our Trust Services.

SOC Reporting Guide

For a further understanding of the differences in SOC reporting standards, please click here for our concise SOC comparison document.