Compliance

AICPA SOC Compliance Audit

SOC Compliance Reports

System and Organization Controls (SOC) reports enable companies to feel confident that service providers, or potential service providers, are operating in an ethical and compliant manner. No one likes to hear the word audit, but SOC reports establish credibility and trustworthiness for a service provider — a competitive advantage that’s worth both the time and monetary investment.

SOC reports utilize independent, third-party auditors to examine various aspects of a company, such as:

Security
Availability
Processing Integrity
Confidentiality
Privacy
Controls related to financial reporting
Controls related to Cybersecurity

AICPA | SOC - www.aicpa.org/soc4so

SOC 1®– SOC FOR SERVICE ORGANIZATIONS: ICFR

SOC 1® reports are examination engagements performed by a service auditor - prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. SOC 1 reports are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.

The two types of SOC 1® reports are:

(i) Type 2 - report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

(ii) Type 1 – report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

SOC 2® - SOC for Service Organizations:

Trust Services Criteria

SOC 2® reports are examination engagements performed by a service auditor in accordance with SSAE No. 18, Attestation Standards: Clarification and Recodification, which includes AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements, AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy(SOC 2®) using predefined criteria in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, 2017 Trust Services Criteria). SOC 2® reports can be issued on one or multiple Trust Services categories (security, availability, processing integrity, confidentiality or privacy)

The two types of SOC 2® reports are:

(i) Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls;

(ii) Type 2 – A report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls.

Use of a SOC 2® report is generally restricted.

INTEGRATION SERVICES

The OSS360 platform has been designed to easily integrate with various third party systems and APIs for the purpose of automating tasks receiving and delivering data back and forth.

Find out more

DOCUMENT DESIGN

We create professional looking custom designed document layouts that are distributed or downloaded documents in the form of statements, invoices, letters, and more.

Find out more

PROJECT PLANNING

The key to successful project implementation is precise project planning. Our project managers are among the best at coordinating, communicating, and managing overall projects with key members.

Find out more