System and Organization Controls: SOC Suite of Services
System and Organization Controls (SOC) is a suite of service offerings CPAs may provide in connection with system-level controls of a service organization or entity-level controls of other organizations.
Learn more about the SOC suite of services, below:
Internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service
- SOC 1®— SOC for Service Organizations: ICFR
- SOC 2®— SOC for Service Organizations: Trust Services Criteria
- SOC for Service Organizations: SOC 2® HiTrust
- SOC for Service Organizations: SOC 2® CSA STAR Attestation
- SOC 3® —SOC for Service Organizations: Trust Services Criteria for General Use Report
A reporting framework through which organizations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program and CPAs can report on such information to meet the cybersecurity information needs of a broad range of stakeholders
Under Development: SOC for Vendor Supply Chains
An internal controls report on a vendor’s manufacturing processes for customers of manufacturers and distributors to better understand the cybersecurity risk in their supply chains
Formerly, SOC referred to service organization controls.