"Client needs" is the top reason for organizations to get SOC Audits. What's your reason?

Get Started

 


Service Organization Control (SOC) Reports


quickbook on cloud

SOC 1/SSAE16

SOC1 examinations are detailed inspections of internal controls, including business process & information technology controls, of a service organization. SOC1 provide assurance to user organizations relevant to their control over financial reporting.

Read More
Soc2 Trust service principles

SOC 2/AT 101/TSP

SOC 2 Reports are based on controls related to joint AICPA and Canadian Institute of Chartered Accountant’s trust Services principle and criteria around security, availability, process integrity, privacy and confidentiality.

Read More
soc3 reports

SOC 3/Systrust/Webtrust

SOC 3 reports are based on joint AICPA and Canadian Institute of Chartered Accountant’s trust services principle and criteria and are available for general use and distribution. SOC 3 reports can be freely distributed or posted on a website as a SysTrust seal.

Read More

Reckenen provides SOC1(SSAE 16), SOC 2(AT 101) and SOC3(SysTrust) examinations as well as SOC Readiness services to service organizations.

The three Service Organization Control reports may be summarized as follows:

  • SOC1/SSAE 16 (formerly SAS 70): SOC 1 reports, prepared in accordance with Statement for Attestation Engagements No. 16 (SSAE 16) standard, address service organization’s controls that are relevant to a user organization’s internal control over financial reporting. SOC1 examinations typically cover business process and IT general controls of a service organization. SOC 1 reports are, essentially, a means for auditor to auditor communication but service organization also use them as a means for provider to customer communication.
  • SOC 2/AT 101: SOC 2 reports are based on controls related to joint AICPA and Canadian Institute of Chartered Accountant’s trust services principle and criteria around security, availability, process integrity, privacy and confidentiality. Management of a service organization can choose to be examined on one of more of the five(5) above mentioned trust services criteria. SOC2 reports can only be distributed to current customers of service organizations.
  • SOC3/Systrust/Webtrust:  SOC 3 reports are based on joint AICPA and Canadian Institute of Chartered Accountant’s trust services principle and criteria and are available for general use and distribution. SOC 3 reports can be freely distributed or posted on a website as a SysTrust seal.

 

Resources and White Papers:

  • SSAE 16 & SAS 70
    Why SSAE 16 (SAS 70) is necessary for service organizations

Reckenen AICPA Membersoc examination reckenen vscpa Arlington Chamber of Commerce Northern Virginia Technology Council quickbooks outsourced bookkeeping bill.com outsourced bookkeeping Spring Ahead Partner better business bureau