SOC™ Reporting Framework

The SAS 70 reporting standard is no longer in effect for independent service auditor reporting. There is now a comprehensive framework of three Service Organization Control (SOC) reports from which to choose, depending upon the outsourced services provided and the needs of the “end users” of the report.

SOC Report Comparison

End Users of the Report Why What
SOC 1™ Users' management and users' auditors. Audits of financial statements or internal control. Controls relevant to user financial statement reporting. Type I (point in time) and Type II (period of time) reporting options.
SOC 2™
  • Management
  • Regulators
  • Others
  • Oversight
  • Due diligence
  • Compliance programs
  • Concerns regarding security, availability, processing integrity, confidentiality or privacy. Type I and Type II reporting options.
    SOC 3™ Any users with the need for confidence in the service organization's controls. Marketing purposes. Details of controls and tests of controls are not needed. Seal on website. Simple, easy-to-read report on controls. Type II reporting option only.

    Which SOC Report is Right for You?

    Will the report be used by your customers and their auditors to
    plan/perform an audit of their financial statements?
    Yes SOC 1
    Will the report be used by your customers and/or stakeholders to gain confidence and place trust in your system? Yes SOC 2 or SOC 3
    Do you need to make the report generally available or post the seal on your website? Yes SOC 3

    Deciding Between a SOC 2 and SOC 3 Report

    Do your customers need to see the details of your processing and controls, including the detailed tests performed and the results of those tests? Yes SOC 2
    No SOC 3

    Sikich Can Help

    The professionals at Sikich have extensive service auditor reporting experience and can help you understand your reporting options. We also provide a full range of readiness services and can help your organization prepare for your first successful service auditor examination.

    ©2017 All Rights Reserved.
    connect with Sikich
    • Facebook
    • Twitter
    • LinkedIn
    • You Tube
    • Google+
    Sikich LLP.

    power by HYPERONIX