
System and Organization Controls (SOC) Examinations

It is common for companies to outsource tasks or entire functions to a third-party service provider in today’s competitive marketplace. Relationships with these vendors can cover payroll services, data hosting, debt collection, cloud computing, and bill processing. While there are many benefits to outsourcing these functions, there are also risks.

The loss of customer data can have devastating consequences for businesses that do not implement proper financial and security controls. What is your organization doing to make sure customer data safety and security remain a top priority? This question is important to ask, especially as data security becomes a priority in today’s business landscape. In addition to being required by certain customers, a System and Organization Controls (SOC) report demonstrates an organization’s understanding of and commitment to financial and security controls to protect customer information.

Who benefits from a SOC Audit?

  • Companies that want assurance that their third-party service organizations have controls implemented to protect their data.
  • Organizations that handle confidential and private financial data. Specifically:
  • Cloud-driven technology companies, including SaaS companies, payment processors, and data outsourcing, are often required to perform SOC audits of their organizations.
  • Companies that serve high-risk industries including, but not limited to, financial services, health care, professional services, or graphic arts.

Which SOC report is right for your organization? 

  • SOC 1® — SOC for Service Organizations: Internal Control over Financial Reporting
    These reports are specifically designed to address controls at the service organization relevant to the reader’s financial statements.
  • SOC 2® — SOC for Service Organizations: Trust Services Criteria
    These reports address controls relevant to the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information these systems process.
  • SOC 3® — SOC for Service Organizations: Trust Services Criteria for General Use Report
    Similar to SOC 2, these reports address controls relevant to security, availability, processing integrity, confidentiality, and privacy. However, they do not provide the same level of detail. Therefore, they are considered general use reports and can be freely distributed.

How can LB Carlson help?

Whether you receive a request for a SOC report from a current or future customer or your organization is spending too much time completing control questionnaires, LB Carlson can help. From start to finish, we provide a seamless process that is simple, easy, and effective. Our team helps organizations navigate the nuances of SOC reporting by:

  • Assessing your readiness and determining which SOC report best suits your organization and the needs of your customers.
  • Preparing for the examination by identifying the documents that will be required.
  • Issuing reports efficiently, without surprises, to meet your tight deadline.

If this is your first SOC examination, we can provide a GAP assessment that determines your SOC readiness. By performing this GAP assessment, we identify weak spots found in your controls and recommend remediation action to ensure a successful examination.

LB Carlson has solutions to assist throughout the entire process, from assessing readiness and preparing for a SOC examination through completion of the report(s). Contact LB Carlson to determine the best approach for you.