Your clients need assurance that the private and sensitive data they entrust to you is secure. At Mauldin & Jenkins, our team of experts is dedicated to providing a comprehensive report on your system and organization controls.
SOC for Cybersecurity
The AICPA's SOC for Cybersecurity is a general-use report (it may be shared openly, unlike a restricted-use SOC 2) on an entity's cybersecurity risk management program (CRMP). The examination evaluates management's description of the CRMP against the AICPA's 19 description criteria, and evaluates whether the program's controls are suitably designed and operating effectively against a set of control criteria; by default these are the Trust Services Criteria (formerly Trust Service Principles) for Security, Availability, and Confidentiality. The CRMP itself is the entity's own program, not an AICPA framework, and it may be built on another established framework such as HITRUST CSF, NIST SP 800-53, the NIST Cybersecurity Framework, COBIT 5, or ISO 27001/27002; any of these can also serve as the control criteria in a SOC for Cybersecurity engagement.
System and Organization Controls (SOC) Reports
SOC 1 Reports
SOC 1 reports address a service organization's controls that are relevant to its user entities' internal control over financial reporting (ICFR). A Type 1 report provides an opinion on management's description of the system and on whether the controls are suitably designed as of a point in time; a Type 2 report additionally tests the operating effectiveness of those controls over a specified period.
SOC 2 Reports
SOC 2 reports describe a service organization's controls relevant to one or more of the five Trust Services Criteria (formerly Trust Service Principles): Security, Availability, Processing Integrity, Confidentiality, and Privacy. Security is the baseline category included in every SOC 2; the others are included as they apply to the services provided. Like SOC 1, a SOC 2 is issued as a Type 1 (design at a point in time) or Type 2 (design and operating effectiveness over a period) report.
A SOC 2 is a restricted-use report: it contains the auditor's detailed tests and results and is intended for the service organization, its customers, and their auditors, not for public distribution.
SOC 3 Reports
SOC 3 reports cover the same five Trust Services Criteria as a SOC 2 (Security, Availability, Processing Integrity, Confidentiality, and Privacy) and are based on the same examination as a SOC 2 Type 2, but in condensed form: the report contains the auditor's opinion and management's assertion without the detailed description of the tests performed and their results.
A SOC 3 is a general-use report, so it can be published on a website or shared with prospects as evidence of a completed examination.
SOC Gap Analysis/Readiness Engagement
A consulting engagement that identifies gaps between a client's current controls and the criteria for a SOC for Cybersecurity, SOC 1, SOC 2, or SOC 3 examination, so those gaps can be remediated before the formal audit begins.