Independent Service Organization Control Reporting
Build stakeholder trust and confidence in your internal processes and controls with an independent Service Organization Control (SOC) assessment.
Crowe Horwath LLP specializes in SOC services and provides quality SOC reporting for public and private organizations across various industries throughout the country. Using an established and proven framework, our strong team of SOC specialists helps service organizations address their individual needs. We issue independently derived findings based on specific procedures performed on clearly defined subject matter.
Our SOC services include:
- SOC 1 Examination – Give your stakeholders assurance. A SOC 1 examination results in a formal, independent report on controls that affect user entities’ financial reporting process or SOX 404 key controls. Service organizations have the option to issue a Type 1 or Type 2 report:
  - Type 1 – report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.
  - Type 2 – report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
- SOC 2 Examination – Obtain independent assurance that your security, availability, processing integrity, confidentiality, and/or privacy controls are effective. A SOC 2 examination can play an important role in oversight of your organization, vendor management programs, internal corporate governance, and risk management processes. This examination provides detailed information about your service organization’s systems and can be adapted based on the needs of your customers.
- SOC 2+ Examination – Demonstrate compliance within your risk management framework. Service organizations are often required to confirm compliance with different control frameworks based on the industry in which they operate, such as:
  - National Institute of Standards and Technology Cybersecurity Framework
  - Cloud Security Alliance Cloud Controls Matrix
  - Health Information Trust Alliance Common Security Framework
  - COBIT 5
  - Committee of Sponsoring Organizations of the Treadway Commission 2013 Framework
  - International Organization for Standardization 27001
Because these control frameworks generally map to the AICPA’s Trust Services Principles, a SOC 2+ report can be an effective tool to represent the design and operating effectiveness of controls related to these frameworks.