Trust & Transparency
Are you a service provider who wants to build credibility and trust with your customers and stakeholders? Or are you a company that is looking for reassurance from your vendors in the services that they provide you?
With the growing trend in outsourcing services comes the increasing demand for trust and transparency over the internal controls of these service providers. We are able to provide an independent assurance report over the organisation's internal controls in accordance with the international reporting standards, ISAE 3402 and ISAE 3000 in the form of Service Organisation Controls (SOC) attestation.
Benefits of SOC reporting
|
How PwC can help you
PwC professionals can bring expertise and insight to your SOC reporting process. We can help your organisation to navigate the complexities of SOC attestation by:
- Evaluating the suitability of each SOC reporting options based on your organisation's needs, including benefits and potential drawbacks
- Assessing your organisational readiness state for SOC attestation, helping you to define the scope and boundaries of reporting and providing you with recommended solutions on the gaps identified
- Identifying and evaluating your organisation's internal controls which are relevant for SOC reporting
- Guiding you on the development of SOC report contents
The two types of SOC reporting are as follows:
SOC 1
- Do you need an assurance report on the effectiveness of internal controls over financial reporting at a service organisation?
- Are your customers and their auditors demanding rights to audit your organisation's internal controls and systems for the purpose of meeting their financial statutory reporting requirements?
An ISAE 3402 or SOC 1 report will address your requirements. The SOC 1 report provides assurance on description of systems, design and operating effectiveness of controls that are relevant to financial reporting.
SOC 2
- Do you want to strengthen your position as a competitive service provider?
- Do you want to increase your customer's confidence that you have controls in place to protect their data from the privacy, integrity and availability requirements? Do you want to assure them that you have controls in place to fulfill your committed services?
The ISAE 3000 or SOC 2 report will address your requirements. The SOC 2 report provides an assurance on the description of systems, design and operating effectiveness of controls that are relevant to the 5 Trust Services Principles - Security, Availability, Processing integrity, Confidentiality and Privacy.
