Service Organization Control Reports

Are clients confident that their data is safe with you?

Give them a reason to feel secure.

Many companies outsource tasks or entire functions to service organizations. Even though these functions are outsourced, it's the companies' responsibility to ensure effective controls are in place. Our dependency on technology continues to increase, and so do threats like data breaches, back-up failures and fraud. In fact, information technology related risks are at an all-time high. It's even been said that we are in the midst of a "cyber war" as we continue to see data breaches make headline news almost daily.

Your customers need assurance that their data is safe. It is imperative to have your technology policies and procedures evaluated. Service Organization Control (SOC) Reports can provide this confidence to your stakeholders, customers and their auditors.

Kaufman, Rossin & Co.'s SOC services are designed to minimize business disruption, meet compliance requirements and improve internal controls.

We bring extensive skills and decades of experience in analyzing and evaluating internal control structure: we've been business consultants and auditors, evaluating internal controls for fifty years. Kaufman, Rossin assesses internal controls for more than 200 audit clients annually. This experience with internal controls and project management helps usperform well planned, efficient SSAE 16 Readiness services and Type I and Type II audits.

The following reports provide information about your controls to help your customers assess and address the risks associated with your services.

SOC 1 Report Report on Controls at a Service Organization Relevant to User Entities' Internal Control over Financial Reporting (SSAE 16)

  • This report, also known as a Statement on Standards for Attestation Engagements No. 16 or SSAE 16, meets the needs of user entities' management and auditors as they evaluate the effect of a service organization's controls on a user entity's financial statement assertions.

SOC 2 Report - Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

  • This report is for those who need to understand internal controls at a service organization as it relates to security, availability, processing, integrity, confidentiality or privacy.

SOC 3 Report - Trust Services Report for Service Organizations

  • This report is for those users who want assurance on a service organization's controls related to security, availability, processing integrity, confidentiality or privacy, but don't have the need for the detailed and comprehensive SOC 2 Report. Systrust or Webtrust seals can be used in a service organization's marketing efforts.

For a detailed comparison, please reference the AICPA.

Which SOC Report Is Right for You?

Will the report be used by your customers and their auditors to plan/perform an audit of their financial statements (or for compliance with the Sarbanes-Oxley Act)? Yes SOC 1 or SSAE No. 16
Will the report be used by your customers/stakeholders to gain confidence and place trust in your services? Yes SOC 2 or 3 report
If the report will be used by your customers/stakeholders to place trust in your services, do you need to make the report readily available or provide a seal? Yes SOC 3 Report or Systrust / Webtrust

If you have questions about SSAE 16, Systrust or Webtrust, or are interested in a free consultation, feel free to contact us.