System and Organization Controls
With identity theft, cyber security breaches, and fraud on the rise, companies are being forced to pay closer attention to the protection of both company and customer information. As a third-party service provider, you are likely receiving requests from clients and prospects for an independent review of your internal controls. We are able to provide these reviews, which are known as System and Organization Controls (SOC) examinations.
Protecting your customers. Protecting you.
Diverse SOC Clientele
Companies that typically need a SOC report are organizations that perform outsourced services on behalf of their customers, including: financial services/payroll processors, healthcare claim processors, software as a Service (SaaS) providers, network administrators, managed security service providers, ISP and web hosting service providers, application service providers, co-location data centers, cloud computing providers, financial services processors, customer support call centers, accounts receivable processors, credit recovery managers, trust departments, transfer agents, financial custodians and mortgage servicers.
SOC Examination Experience
KraftCPAs has been performing service organization examinations for well over twenty years. We were one of the first firms in the country to issue a SOC 2. KraftCPAs SOC Examination Team has extensive system and organization controls experience and professional credentials.
Benefits of an SOC Examination
A SOC examination provides you with independent assurance that your company’s internal controls are working properly. It also sends a message to current customers that they can rely on your company to accurately and securely handle their information. In addition, a SOC 3 (associated with the Trust Services Principles) can be posted on your website and used as a marketing tool to attract new customers.
What’s Involved in a SOC Examination
Like a financial statement audit, a SOC attestation report can only be issued by a CPA. But because of the sophisticated technology intrinsic to many service organizations, few firms have the high-level of technological skill and credentials needed to perform SOC examinations. We assign a team of experienced, management-level CPAs and technology professionals to each SOC engagement.
We review the company’s policies, procedures, and controls that relate to specific control objectives (SOC 1) or trust services criteria (SOC 2) for the outsourced functions provided for clients or customers. The standards are separated into three different types of reports using two different methods. If you’re not sure which SOC report you need or if you fear that your controls aren’t adequate, we can assist you.