Skip to content Skip to footer

Loading Results

System and Organization Controls (SOC) Reporting

More than just assurance over financial reporting, SOC helps you stay a step ahead of uncertainty

Does your organization endure high volumes of client and stakeholder requests for assurance?
Does your company need assurance from the vendors that handle your sensitive data?

SOC reporting can help

Both internal and external stakeholders demand trust and transparency. And because risk management is an enterprise-wide concern, many organizations devote significant time and resources to deliver assurance.

Any organization can provide insight and stakeholder assurance through with SOC reporting. It offers a cohesive, repeatable reporting process where companies can assess once and report out to many stakeholders. SOC reporting can:

  • reduce compliance costs and time spent on audits and filling out vendor questionnaires
  • meet contractual obligations and marketplace concerns through flexible, customized reporting
  • proactively address risks across your organization
  • increase trust and transparency to internal and external stakeholders

Playback of this video is not currently available

PwC's Todd Bialick discusses how organizations are using privacy as a value driver

Trust as an asset: SOC reporting issues that can help, or hinder, building crucial trust 

Is your organization struggling to provide its stakeholders with the assurance they need around risk management and controls? SOC reporting provides a broad range of assurance reporting frameworks that can enhance trust and address transparency issues.

But there are several different types of SOC reports, making it hard to know which fits your SOC specific needs. Our blog series addresses this uncertainty and helps management highlight the need to confirm that internal controls are sufficient, even for third party assurance.

What type of SOC report is right for your organization?

Do you need to report to regulators on controls over financial reporting?

Does your company rely on vendors to process and safeguard your sensitive data—or are you a vendor entrusted with sensitive data? SOC 2 reports cover controls such as security and privacy and may be used by leaders in internal audit, risk management, operations, business lines and IT, as well as regulators.

SOC 2+
Do you need to extend beyond the accepted trust services principles to address other compliance and regulatory frameworks, such as NIST, HITRUST or GDPR? 

Do you need a simpler report to support your marketing purposes and to share with anyone?

How PwC can help

System and Organization Controls (SOC) reporting provides a broad range of assurance reporting services (SOC 1, SOC 2, SOC 2+ and SOC 3) to address trust and transparency issues, such as risk management. With both financial and nonfinancial reporting options available, organizations can ensure they apply the right set of controls and communicate vital information to stakeholders.

PwC Trust and Transparency professionals can bring expertise and insight to your reporting process. Further, a skilled and independent auditor can help your organization navigate the complexities of SOC attestation and reporting by:

  • Performing a readiness assessment using the relevant SOC framework and provide recommendations for improvement or identify areas with potential gaps
  • Developing a SOC report that organizations can share with customers, or other auditors, to provide transparency into the control environment
  • Creating a customized SOC report that meets specific industry or customer requirements, such as a SOC 2+ for the pharmaceuticals industry, NIST, HITRUST or GDPR


Contact us

Todd Bialick

Todd Bialick

Digital Assurance and Transparency Leader, PwC US

Kevin O'Connell

Kevin O'Connell

ESG Assurance Leader, PwC US

Follow us