An Intro To SOC

Uploaded by

keerthanakkdk
Copyright: © All Rights Reserved
An Intro to SOC

(System and Organization Controls)


By JayaSankar S, TUV SUD South Asia

What is a SOC Report?

Previously known as SSAE16 and SAS70 reports, System and Organization Controls
(SOC) reports help organizations establish trust and confidence in their services
or products, including their delivery processes and controls. To receive a report
from a certified public accountant (CPA), an organization must undergo one or more
assessments performed by an independent third party, and the report must
subsequently be attested by a CPA.

SOC REPORTING PROVIDES MULTIPLE BENEFITS TO YOUR ORGANISATION

In today's world, customers, regulators, and business partners are becoming
increasingly concerned about how their data is protected by service provider
organizations. At the same time, these service organizations face the growing
challenge of demonstrating data security through multiple standards and various
reporting frameworks in order to respond to their customers.

A comprehensive approach through CPA (Certified Public Accountant) attested SOC
reports offers the following advantages:

1. Gain competitive advantage - and provide confidence to your stakeholders and
   customers on maintaining the highest standards for information security

2. Increase trust and transparency towards stakeholders - to meet contractual
   requirements and concerns

3. Address risks proactively - and reduce compliance costs and drive control
   maturity within your organization

Types of SOC Reporting

SOC 1:

SOC 1 reports are designed for organizations that provide services to their clients
that are relevant to the users' financial controls. This report can save an
organization time and money by addressing various common control-related
questions that arise from multiple user auditors.

SOC 2:

SOC 2 reports are designed for organizations that provide information to user
entities about non-financial controls. The report outlines the effectiveness of an
organization's internal and security controls implemented to safeguard customer
data. The controls are reviewed against the AICPA's 5 Trust Service Principles:
Security, Availability, Confidentiality, Processing Integrity, and Privacy.
This report gives your organization a competitive edge over others who cannot
prove their SOC 2 compliance.

SOC 3:

SOC 3 reports are designed for organizations that provide information to user
entities about non-financial controls, addressing the same controls as SOC 2
reports. However, this report contains significantly less detail, with no
description of tests of controls. This report is available for use by the public
and for wider distribution for the purpose of marketing.

HOW TO GET SOC (Type 1 / Type 2) Reports?

Choosing the kind of SOC report is one step; choosing the reporting type is the
next. This step is crucial, as there is a big difference between the two report
types. The key distinction is that one addresses controls as of a specific date
(Type 1), while the other addresses controls over a specified time period (Type 2).

For Type 1 assessments, the assessor will only check the adequacy of the controls
to be implemented by the customer. The effectiveness of the implementation is
checked during a Type 2 assessment. If any deviation is found, the assessed
company must react to the findings by closing them or providing management
acceptance. It is also important to note that Type 1 and Type 2 are terminology
for SOC 1 and SOC 2 reports.

Thank you

Please reach out for more details:


JayaSankar S
Mobile: +91 8097562621
Tel.: +91 80-41280857
Email: [email protected]
Website: www.tuv-sud.in