System & Organization Controls (SOC) Reporting
SOC reporting was developed by the AICPA as a valuable tool for organizations to demonstrate to their customers and other key stakeholders that their controls are working.
With several reporting options available, it is important to identify which SOC report is right for your organization. Reporting options include the SOC 1®, SOC 2®, SOC 3®, SOC for Cybersecurity and SOC for Supply Chain.
Step 1: Understand what the end-user entities need included in the scope of the report
Step 2: Understand what is included in the system description
Step 3: Start your readiness assessment
Step 4: Remediate control or documentation deficiencies before the examination period begins
For organizations undertaking their first SOC examination, we strongly recommend performing a SOC readiness assessment with a qualified advisor prior to starting the examination period to help position the organization for a successful examination. The time frame can vary, but typically it takes 9-14 months from the time an organization starts the readiness assessment process, through an audit period, and ultimately to having a SOC report they can provide their customers.
Baker Tilly's SOC practice uses a variety of technology tools to streamline our service delivery model and make sharing documents and requests seamless. These tools can also make it easy for our SOC clients to work remotely and share documents and evidence needed as part of the SOC process with us. Our personnel are well versed in methods for facilitating video conferences, teleconference calls and live, online document-sharing sessions to perform SOC readiness and SOC examination services as efficiently as (if not more efficiently than) if we were live on-site.
In many cases, remote SOC project services can deliver the same quality service while minimizing travel expenses and space constraints that can accompany on-site work. We also work on-site with our clients when it is more productive and beneficial. If you are considering Baker Tilly for your SOC needs, let’s discuss these options together and how they could apply in your environment. If you already use Baker Tilly for your SOC needs, please talk with your engagement team about leveraging these tools to make the SOC process as efficient and effective as possible.
Your team was fantastic to work with again this year. I compliment the amazing team you have and am looking forward to next year!
Senior Vice President/Chief Technology Risk Officer of a large financial institution