Service Organization Controls (SOC) Reporting

Keeping you a step ahead of uncertainty

Enhance your brand

With global outsourcing a rapidly increasing trend in business operations, the need for greater trust and transparency into vendors’ operations, processes and results becomes a strategic imperative. But many organizations struggle to provide the assurance their customers need through accurate controls reporting. That’s where we come in. PwC’s Trust and Transparency Solutions practice helps companies provide the assurance stakeholders require through Service Organization Controls (SOC) reporting. By staffing our engagements with individuals who possess relevant industry knowledge and deep experience in delivering SOC reports, we can fulfill your attestation reporting needs and deliver an independent, tailored, and customized attestation.


PwC's Joseph Griffin discusses how the service organizations that support businesses can convey trust, customization and transparency to their customers.

SOC 1: Clearly articulate information on controls over financial reporting 

To provide stakeholders with increased transparency into your financial controls and meet regulatory requirements for controls attestation, PwC can prepare a SOC 1 report for your organization. Also known as an SSAE 16 or AT 801 report, the SOC 1 report is designed to address internal controls over financial reporting. In 2016, AT 801 was revised and enhanced by AT-C Section 320 within revised SSAE 18. Therefore, SOC 1 reports dated on or after May 1, 2017 will be issued under AT-C 320 and known as SOC 1 reports going forward. PwC’s SOC 1 engagement provides independent assurance on controls over processes related to financial reporting that have been outsourced to a third party.

SOC 2 and 3: Safeguard data and information: controls over non-financial reporting

With the advent and growing use of cloud-based storage solutions, there is also an increasing demand for assurance over the management and security of sensitive data. Companies that rely on third parties to use, store, and dispose of critical data need comfort that their service provider’s control environment is strong and able to protect both financial and non-financial information. To satisfy regulators’ and other stakeholders’ demands for assurance around internal controls over non-financial reporting, a SOC 2 or SOC 3 report focuses on controls specific to security, availability, processing integrity, confidentiality, and privacy.

SOC 2+: Meet contractual obligations or other marketplace requirements

PwC helped pioneer the continued evolution of SOC reporting to meet the needs of stakeholders that go beyond traditional SOC 1 and SOC 2 reporting. Expanding on SOC 2 to include additional criteria specific to users’ needs, we can provide vendor attestation reporting (SOC 2+) to meet contractual commitments, reducing or even eliminating the need for onsite visits from your users. Many companies are now leveraging this approach by addressing HITRUST requirements through a SOC 2+ attestation and HITRUST certification. This is just one example of how organizations can leverage an enhanced SOC 2 to meet specific industry or user needs.

Offering a broad range of Assurance Reporting services (SOC 1, SOC 2 and 3, SOC 2+ and Agreed Upon Procedures), PwC makes it possible for service organizations to approach both existing and prospective customers with confidence, and to convey the trust and transparency that those customers expect and need.

A large storage and information management company, responsible for storing, protecting, and managing its customers’ information, was routinely asked by customers to complete vendor questionnaires and agree to on-site audits. As a result, the company was spending a considerable amount of time, money, and resources responding to these requests.

What we did:

PwC was brought in to perform a SOC 2+ readiness assessment. Together with the information management company, PwC analyzed and reconciled the multiple vendor requests and incorporated relevant Trust Services principles to build a custom SOC 2+ report.

The result:

The SOC 2+ assessment and report provided benefits to both the customer and vendor. The information management company was able to eliminate the vendor questionnaire process and their customers no longer requested on-site audits. Through this solution, both the customer and vendor will save considerable time, money, and resources.

 


Provide stakeholder comfort and manage outsourcing risks

PwC’s SOC Reporting services can help you:

  • Increase trust and transparency with your internal and external stakeholders.
  • Enhance your ability to proactively address risks across your organization.
  • Drive competitive advantage through transparent controls reporting.
  • Reduce your cost of compliance and decrease the number of on-site audits and vendor questionnaires.
  • Achieve compliance with contractual commitments and regulatory requirements.

PwC’s Todd Bialick discusses the importance of inspiring trust and transparency for your business partners.

Contact us

Todd Bialick
Partner, Trust and Transparency Solutions Leader
Tel: +1 (973) 236 4902

Joseph Griffin
Partner, Service Organization Controls (SOC) Reporting Leader
Tel: +1 (678) 419 1480