Skip to content Skip to footer

Loading Results

System and Organization Controls (SOC) Reporting

More than just providing assurance, SOC reporting can help build trust with your stakeholders

Build trust. Protect your company’s most critical assets

Reliance on outsourcing to save money and gain efficiencies continues to grow, but so, too, does the trust gap as you share your critical data with third parties. SOC reporting assures customers and stakeholders that your business has the appropriate controls in place - for both your business processes and information technology (IT) - to protect your financial and client data.

Many traditional industries - for example, payroll processors and loan servicers within financial services - have relied on SOC 1 reports to assure they have proper controls in place for years. Increasingly, a wider set of industries - like FinTech and tech-enabled logistics companies - are also relying on SOC reporting processes. These processes offer a cohesive, repeatable process where companies can assess once and then report out to many stakeholders.

SOC reporting can:

  • drive trust and transparency with internal and external stakeholders
  • increase efficiencies while reducing compliance costs and time spent on audits and vendor questionnaires
  • meet contractual obligations and market concerns through flexible, customized reporting
  • proactively address risks across the organization

How can SOC reporting help you build trust with your stakeholders?

Tune in to our podcast series to learn more.


Ready to begin your SOC reporting journey?

Three ways we can help

PwC Digital Assurance and Transparency professionals can bring expertise and insight to your reporting process. By navigating the complexities of SOC reporting with the help of a skilled and independent auditor, you can obtain the following:

  • A readiness assessment aligned to the relevant SOC framework, including recommendations for improvement and identification of potential gaps prior to a SOC examination
  • A SOC report you can share with customers and other auditors to provide transparency into your control environment
  • A customized SOC report that meets specific industry or customer requirements, such as NIST, HITRUST or GDPR

Which SOC report is right for your business?

The cornerstone of trust in financial reporting

A SOC 1 report focuses on outsourced services that impact a company’s financial reporting. By providing a SOC 1 report, companies can effectively communicate information about their risk management and controls framework to multiple stakeholders, providing the assurance and confidence they demand. SOC 1 reports are ideally suited for businesses that handle financial information for their clients, such as payroll processors and loan servicers. SOC 1 reports are often provided to services organizations’ customers and their auditors.

Helping companies report on internal controls beyond financial reporting

A SOC 2 report covers controls such as security and privacy and can benefit many stakeholders. SOC 2 builds upon the required common criteria (security) to address one or more of the AICPA trust services principles, including: availability, confidentiality, processing integrity, and privacy. SOC 2 reports can be used by service organizations in any industry to serve the needs of a broad set of stakeholders. They are often applicable for businesses with sophisticated supply chains and those offering digital services.

Not just a health industry requirement

Born out of the regulatory imperative to secure Protected Health Information (PHI), the HITRUST CSF offers a certifiable framework covering many different security and privacy related imperatives.

As a Certified HITRUST assessor, PwC is authorized by the HITRUST Alliance to perform readiness, remediation, and certification assessment work using the HITRUST CSF. Additionally, we served on the AICPA task force aligned with the responsibility of mapping the HITRUST CSF into the SOC 2 framework to enable SOC 2+HITRUST reporting.

Contact us

Todd Bialick

Todd Bialick

US Digital Assurance and Transparency Leader, PwC US

Jay Schaldecker

Jay Schaldecker

Digital Assurance and Transparency Partner, PwC US

Carolyn Holcomb

Carolyn Holcomb

Privacy Assurance Leader, ESG Partner, PwC US

Kevin O’Connell

Kevin O’Connell

ESG Trust Solutions Leader, PwC US

Follow us