SOC Frequently Asked Questions

As one of the region’s largest providers of high-quality SOC reports, we have compiled a library of responses to the questions we are asked nearly every day. We’re happy to share our insights, questions include:

What are SOC Reports?

System and Organization Controls (SOC) reports, formerly Service Organization Control reports, are examinations provided by CPAs in connection with system-level controls of a service organization or entity-level controls at other organizations. These engagements are performed in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, which is a professional standard promulgated by the American Institute of Certified Public Accountants (AICPA). 

Who needs a SOC Report?

A SOC report is often requested by organizations (user entities) that receive significant services from a service organization and the user entities’ auditors (user auditors). 

What are the types of SOC Reports?
  • SOC 1, SOC 2 - SOC for Service Organizations: Trust Services 
  • SOC 2® HITRUST
  • SOC 2® CSA STAR Attestation
  • SOC 3 - SOC for Service Organizations: Trust Services Criteria for General Use Report
  • SOC for Cybersecurity
  • SOC for Supply Chain
What are the benefits of obtaining a SOC 2 Report?

Obtaining a SOC 2 report differentiates the service organization from its peers by demonstrating the establishment of effectively designed internal corporate governance and oversight and allows customers, stakeholders – or both – to gain confidence and place trust in the service organization’s system. 

How does a service organization prepare for a SOC Report?

Prior to undergoing a SOC examination, an organization should engage a CPA firm to perform a SOC Readiness Assessment. SOC Readiness Assessments are designed to assist organizations in assessing their preparedness for a SOC examination. 


About Schneider Downs
SOC Services 

Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients' expectations. If you are interested in learning how we can assist your organization, please contact us to get started or learn more about our practice at www.schneiderdowns.com/soc

Does your organization need a system and organization controls (SOC) report?

contact us

Pittsburgh
Columbus
Metropolitan Washington