SOC Basics

The purpose of a SOC audit is to provide user entities (clients) with attestation over the design and operating effectiveness of the reporting entity’s (service provider’s) controls.

Currently, there are four types of SOC reports available:

  1. SOC 1
  2. SOC 2
  3. SOC 3
  4. SOC for Cybersecurity

Our Approach – We Do the Heavy Lifting

As part of the SOC examination process, I.S. Partners will perform a Readiness or GAP assessment to:

  • Identify control activities to meet each of your objectives or criteria
  • Determine potential test procedures and evidence available to satisfy each
  • Provide recommendations for greater control activities and/or documentation

I.S. Partners SOC for Supply Chain seal of approval

A Proposed New Guidance: SOC for Vendor Supply Chain

As the AICPA continues to explore new ways to help organizations protect their data and internal technology, a SOC for Vendor Supply Chain guidance has been proposed.

The SOC for Supply Chain assurance examination and report would create new criteria to be used when reporting on an entity’s production, manufacturing or distribution system in an effort to clearly understand the cybersecurity risks within their supply chains.

Why the Call for this New Guidance?

As demand for transparent vendor supply chains increases, the development of this new attest service is critical. The SOC for Supply Chain report would provide relevant and reliable information on risk to an organization’s supply chains, thus allowing that organization to mitigate risk.

As organizations continue to rely on technology to assist in their product distribution and manufacturing, risks increase. For example, a cybersecurity attack on a manufacturer’s system could render a significant impact on the user entity of the product.

Intended Users of SOC for Vendor Supply Chain Reports

The discussed report would be most beneficial to the following users:

  • Business customers
  • Business partners
  • Non-regulatory, standard-setting bodies
  • Prospective customer or business partners

How to Manage Your Organization Vendor Supply Chains in the Meantime

While the AICPA continues to refine the exposure draft on SOC for Supply Chain Reports, we encourage you to reach out to our team to help you prepare. You can call us at 215-675-1400 or send us a message.

We’re anxiously awaiting the official word from the AICPA on this report. In the meantime, we can help you prepare with a readiness assessment. Reach out to one of our I.S. Partners specialists today!

Learn more about SOC for Vendor Supply Chain

Creating a checklist ahead of tackling your first Statement of Standards for Attestations Engagements 18 (SSAE 18) Service Organization Control (SOC) 1 Audit will help…

Read Article

The Functions and Importance of Relying On Service Organizations Like Yours As you explore the different types of service organization control (SOC) reports available to…

Read Article

Have you recently received a client request for a SOC (Service Organization Controls or System and Organization Controls) report that has left you scratching your…

Read Article

Frequently asked questions

  • What is the difference between a Type I audit and a Type II audit?

    A Type I audit results in a report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specific date. A Type II audit is the same as a Type I audit but with a report on the operating effectiveness of the controls throughout a specified period.

  • Why is I.S. Partners qualified to perform SOC audits?

    I.S. Partners, LLC is a Certified Public Accounting firm registered with the AICPA (American Institute of Certified Public Accountants) and PCAOB (Public Company Accounting Oversight Board), and is managed by a group of highly-seasoned partners who have vast experience in performing SAS 70 / SSAE 16 / SOC audits, FISMA, HIPAA HITECH, Sarbanes-Oxley (Section 404) management self-assessments, Model Audit Rule compliance, and other specialized information technology audits.

Request a Quote

Get hassle-free pricing in 3 easy steps:

  • Step 1: Send us a message
  • Step 2: Allow us to create a customized plan
  • Step 3: We’ll get you an accurate, no-obligation quote
[form_name]

Start Here

Request a Quote

Please fill out the fields below and one of our specialists will contact you shortly. Want to speak to us now? Call us at (866) 335-6235

Request a Quote (Keep)

I.S. Partners is serious about privacy. We will never share your information with third parties. Please read our Privacy Policy for more information.

Sending
I.S. Partners

Your choice regarding cookies on this site

This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.