Overview of Service Organization Controls (SOC) Reporting Options

Service organizations typically find themselves in situations in which they must report on their internal controls to respond to customer or regulatory requests, to maintain a competitive advantage, or to provide transparency to their customers. In the past, service organizations have relied upon Statement on Auditing Standard No. 70 (SAS 70) reports as a means to satisfy their users’ reporting needs; however, for periods ending on or after June 15, 2011, SAS 70 reports are no longer permitted to be issued. Several different reporting options are available to meet specific user needs.