More than just providing assurance, SOC reporting can help build trust with your stakeholders
Reliance on outsourcing to save money and gain efficiencies continues to grow, but so, too, does the trust gap as you share your critical data with third parties. SOC reporting assures customers and stakeholders that your business has the appropriate controls in place - for both your business processes and information technology (IT) - to protect your financial and client data.
Many traditional industries - for example, payroll processors and loan servicers within financial services - have relied on SOC 1 reports to assure they have proper controls in place for years. Increasingly, a wider set of industries - like FinTech and tech-enabled logistics companies - are also relying on SOC reporting processes. These processes offer a cohesive, repeatable process where companies can assess once and then report out to many stakeholders.
SOC reporting can:
Tune in to our podcast series to learn more.
PwC Digital Assurance and Transparency professionals can bring expertise and insight to your reporting process. By navigating the complexities of SOC reporting with the help of a skilled and independent auditor, you can obtain the following:
A SOC 1 report focuses on outsourced services that impact a company’s financial reporting. By providing a SOC 1 report, companies can effectively communicate information about their risk management and controls framework to multiple stakeholders, providing the assurance and confidence they demand. SOC 1 reports are ideally suited for businesses that handle financial information for their clients, such as payroll processors and loan servicers. SOC 1 reports are often provided to services organizations’ customers and their auditors.
A SOC 2 report covers controls such as security and privacy and can benefit many stakeholders. SOC 2 builds upon the required common criteria (security) to address one or more of the AICPA trust services principles, including: availability, confidentiality, processing integrity, and privacy. SOC 2 reports can be used by service organizations in any industry to serve the needs of a broad set of stakeholders. They are often applicable for businesses with sophisticated supply chains and those offering digital services.
Born out of the regulatory imperative to secure Protected Health Information (PHI), the HITRUST CSF offers a certifiable framework covering many different security and privacy related imperatives.
As a Certified HITRUST assessor, PwC is authorized by the HITRUST Alliance to perform readiness, remediation, and certification assessment work using the HITRUST CSF. Additionally, we served on the AICPA task force aligned with the responsibility of mapping the HITRUST CSF into the SOC 2 framework to enable SOC 2+HITRUST reporting.
