Service Organization Control (SOC) Reports
Have you been asked to produce a SOC report as part of an RFP response or by a potential client? Are the auditors of an existing client asking whether you undergo a SOC audit? While SOC reports are time-consuming, they provide a general set of controls and testing that allows your organization to be audited once, instead of by every client. In general, SOC 2® reports are used for the controls over IT. SOC 2® reports can be either a type I or a type II report. The type I report is a review of the control design, while a type II report covers both control design and effectiveness testing. OCD Tech is a provider of SOC 2®, SOC 3®, and SOC for Cybersecurity® services.
Report Types
SOC 2® Reports report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.
SOC 3® reports are designed to meet the needs of users who want assurance on the controls at a service organization but do not need a SOC 2® report.
The AICPA has developed a cybersecurity risk management reporting framework that assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.