Demonstrate your commitment to internal control
As your company grows, the need for a SSAE 18 – System and Organization Controls (SOC) report increases. Not only are regulatory requirements increasing in complexity, but many of your clients may require assurance that your organization has effective controls and safeguards in place for the systems that store their data. Calvetti Ferguson skillfully provides SOC readiness and examination services. Our solutions emphasize consistency, efficiency and quality control from start to finish. We see SOC examinations as a collaborative process, and work with our clients throughout the examination to help ensure there are “no surprises”. Whether you’re looking to embark upon completing a SOC examination for the first time, or if you’re looking for more from your current SOC examiner, our team is ready to help!
Our Technology Risk Services team has helped many organizations with their SOC reporting including:
- Application service providers
- Bank trust departments
- Claims processing centers
- Cloud computing/SaaS providers
- Data centers
- Facilities management providers
- Investment management firms
- Managed service providers
- Mortgage companies
- Payroll providers
- SaaS providers
- Transportation and logistics companies
SOC 1 Reports
SOC 1 reports are prepared in accordance with SSAE 18. They are specifically intended to assist your clients in evaluating the effect of the internal controls at your organization on their financial reporting. A SOC 1 examination allows you to demonstrate to your clients that your internal controls are fairly presented, have been properly designed and have operated effectively throughout the period under review. These reports are intended to be used by management, your clients and their auditors.
SOC 2 Reports
SOC 2 reports are prepared for service organizations providing services to their clients for which a detailed understanding and assurance around internal controls at the organization is necessary. A SOC 2 examination allows you to provide information to your clients around internal controls which may be relevant to security, availability, processing integrity, confidentiality and privacy. These reports are intended to be used for vendor due diligence, organizational oversight, corporate governance / risk management and regulatory oversight.