System and Organization Controls (SOC) Attestation & Reporting
We are dedicated to providing the most effective and comprehensive SOC attestation services for our diverse group of clients. We bring the depth of experience of the Big 4, without the Big 4 price. We deploy a SOC methodology that is the best in the business by offering efficient and practical approaches that are based on each client's unique operating processes and infrastructure, as well as compliance and business needs. Help your organization stand out by completing a SOC attestation that provides value-add to your organization and customers.
Expertise to Help You Succeed
SOC attestation services must be performed by a licensed CPA firm with the appropriate expertise in all areas. FoxPointe partners with The Bonadio Group, a Top 40 CPA firm that brings an integrated world of resources to every client, large or small, to provide dedicated SOC resources and experts who are heavily involved in every step of the engagement.
SOC Audit Reporting Services
We can help you with multiple reporting options made available by the AICPA to allow you to demonstrate transparency to your customers, stakeholders, and/or prospects.
- SOC 1 Report: A restricted report on controls at a service organization relevant to user entities’ internal control over financial reporting.
- SOC 2 Report: A restricted report intended to meet the needs of a broad range of users needing detailed information and assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, and privacy of the systems and the information stored, transmitted, or processed by the systems.
- SOC 3 Report: A general use report providing assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, and privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2® Report.
- SOC for Cybersecurity: A reporting framework through which organizations can communicate relevant information about the effectiveness of their cybersecurity risk management program to meet the cybersecurity information needs of a broad range of users, both internal and external to your organization.
- SOC for Vendor Supply Chain: Currently under development by the AICPA, this report is an internal controls report on an entity's system and controls for producing, manufacturing, or distributing goods to better understand the cybersecurity risks in their supply chains.
There are two types of SOC 1 and SOC 2 reports:
- Type 1 – Report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.
- Type 2 – Report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.