SOC Assurance and Compliance

SOC reporting can help you remain competitive.

As a service organization, you need to accurately communicate the integrity of your financial internal controls, data security, availability, processing integrity, confidentiality and privacy to customers and/or their auditors. An appropriate service organization control (SOC) report should help establish the trust and confidence that’s so crucial in today’s highly competitive marketplace.

A dedicated staff to help you make the right choice

Today, however, there are a variety of reporting options, and making the most appropriate choice for your organization can be challenging. Which report best conveys what you need your users to know? Is the best fit a SOC Type 1 report; or, would a SOC 2 or SOC 3 report be better?

At RSM we have a staff dedicated to helping service organizations across the world in this very specialized area. Our SOC assurance experts will help you navigate compliance challenges so that you can clearly communicate your organization’s commitment to internal controls.

Be ready for your SOC audit

Are you planning SOC audit engagement? If so, how confident are you that your organization is really prepared?

We often recommend a readiness review to identify potential deficiencies with sufficient time to remediate and retest the controls prior to a company’s formal SOC audit.

RSM specializes in SOC reporting

At RSM, SOC reporting is an area of specialization, not an add-on service. Our team has helped hundreds of service organizations:

  • cloud or co-location providers
  • software as a service (SaaS) providers
  • third-party administrators
  • credit card processors
  • fund administrators
  • and many more

Every day, we work with companies like yours to confirm the proper focus is placed on relevant controls and processes. Our years of experience, proprietary methodology and SOC-specific software mean that your SOC engagement will be handled efficiently.

You’ll receive just the right amount of personal attention from our professionals - at RSM, we understand the importance of not disrupting your business. In addition, our team members hold a variety of professional credentials and have access to the latest SOC thinking as firm representatives on a variety of SOC committees and boards.

When you need valuable SOC insight and tailored services, you need RSM. Give us a call to begin the discussion. 

RSM’s comprehensive SOC compliance services include:

Most Popular Insights


SOC 2 common criteria: Addressing key changes in updated guidance

With the AICPA releasing changes to SOC 2 guidelines, service organizations must be aware of new demands and necessary framework adjustments.

  • Melissa Harp, Danny Collins, Mike Hielscher


SOC update: What recent changes mean for your internal control reporting

Service organization control (SOC) reports are in high demand, but recent updates have changed how internal control environments are communicated.

  • David Wood


The three pillars of a proactive risk-based vendor management program

As the use of outsourcing increases and garners more regulatory attention, the development of a strong vendor management program has become essential.

  • Joseph Benfatti, Anthony Baca


Managing cloud risks with service organization controls

Service organization controls (SOC) reports can help to determine if potential cloud providers can meet or exceed your safety and privacy demands.

  • David Wood, Dean Evans


Which SOC controls report is right for your organization?

SOC reports demonstrate the strength of financial, operational and data protection controls at your organization. However, several options exist, and it is important to determine which is appropriate.

  • David Wood

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Rapid Assessment®

Complete our Rapid Assessment form to be contacted about receiving our "quick-hit" diagnostic of your critical areas of operations.




ERP implementation risks and their impact on your organization

  • March 29, 2017


2017 cybersecurity outlook and key considerations for nonprofits

  • January 31, 2017


2017 economic and risk outlook

  • January 09, 2017


AML and regulatory compliance webcast series—Fall 2016

  • December 15, 2016


PCI DSS 3.2—What’s next?

  • December 08, 2016