SOC1/SSAE18, SOC2 and SOC3
An organization’s responsibility to ensure the integrity of its IT systems extends to any third party service organizations that are used. To help achieve that level of assurance, third party service organizations are expected to be able to provide the companies they serve with the appropriate Service Organization Control (SOC) report which documents the third party’s internal controls and the results of testing.
CohnReznick’s Service Organization Control Practice is a highly specialized team of CPA, CISA, CITP and CISSP professionals that focuses exclusively on conducting SOC1/SSAE18, SOC2 and SOC3 audits, as well as internal control assessments, attestations, penetration tests and firewall assessments for service organizations. The typical engagement process includes:
- Pre-assessment: We can produce a custom report of established and recommended SOC procedures for your consideration.
- Identification of control objectives: We help to identify the business process and IT control objectives to be examined.
- Examination execution: We work with internal managers to craft a description of the system and ensure that relevant identified controls are tested.
- Finalization and delivery: We identify issues, develop specific recommendations for improvement and deliver a final SOC report.