SOC Basics

The purpose of a SOC audit is to provide user entities (clients) with attestation over the design and operating effectiveness of the reporting entity’s (service provider’s) controls.

Currently, there are four types of SOC reports available:

  1. SOC 1
  2. SOC 2
  3. SOC 3
  4. SOC for Cybersecurity

Our Approach – We Do The Heavy Lifting

As part of the SOC examination process, I.S. Partners will perform a Readiness or GAP assessment to:

  • Identify control activities to meet each of your objectives or criteria
  • Determine potential test procedures and evidence available to satisfy each
  • Provide recommendations for greater control activities and/or documentation

A Proposed New Guidance: SOC For Vendor Supply Chain

As the AICPA continues to explore new ways to help organizations protect their data and internal technology, a SOC for Vendor Supply Chain guidance has been proposed.

The SOC for Supply Chain assurance examination and report would create new criteria to be used when reporting on an entity’s production, manufacturing or distribution system in an effort to clearly understand the cybersecurity risks within their supply chains.

Why The Call For This New Guidance?

As demand for transparent vendor supply chains increases, the development of this new attest service is critical. The SOC for Supply Chain report would provide relevant and reliable information on risk to an organization’s supply chains, thus allowing that organization to mitigate risk.

As organizations continue to rely on technology to assist in their product distribution and manufacturing, risks increase. For example, a cybersecurity attack on a manufacturer’s system could render a significant impact on the user entity of the product.

Intended Users Of SOC For Vendor Supply Chain Reports

The discussed report would be most beneficial to the following users:

  • Business customers
  • Business partners
  • Non-regulatory, standard-setting bodies
  • Prospective customer or business partners

How To Manage Your Organization Vendor Supply Chains In The Meantime

While the AICPA continues to refine the exposure draft on SOC for Supply Chain Reports and we anxiously await the final word, we encourage you to reach out to our team to help you prepare.

Get a Quote Book a Free Consultation

get started

Get a Customized Quote

Please fill out the form below to schedule a free 30 minute consultation. This consultation will allow us to create a customized plan and an accurate, no-obligation quote.

Great companies think alike.

Join hundreds of other companies that trust .S. Partners for their compliance, attestation and security needs.

Scroll to Top