Service Organization Control Reporting

Your SOC report should clearly communicate your commitment to internal controls.

A successful Service Organization Control (SOC) report helps build trust and confidence by demonstrating that your organization has the necessary controls implemented and operating effectively.Regardless of your organization’s size or industry, we help you navigate the potential challenges of SOC reporting and clearly communicate your commitment to internal controls to your customers and their auditors.

Today, there are a variety of reporting options, and making the right choice isn’t always easy. We’re well-positioned to prepare and issue SOC 1, 2 or 3 assurance reports and discuss customized alternative reporting options under AICPA attestation standards. Our years of specialization and experience in SOC reporting will help you arrive at the option best suited to your specific situation.


1 Statement on Standards for Attestation Engagements.

2 Knowledgeable as to: a) the nature of the service provided by service organization, b) how the service organization’s systems interact with the systems at the user entities, subservice organizations and other parties, c) internal controls and its limitations, and d) the control objectives and how controls address them.

The RSM difference

With RSM, you can be confident knowing you’re working with a knowledgeable, dedicated staff with years of SOC experience. And our proprietary methodology and SOC-specific software help ensure your SOC engagement is handled efficiently.

When you need valuable SOC insight and tailored services, you need RSM. Give us a call to begin the discussion.

Most Popular Insights


Which SOC controls report is right for your organization?

SOC reports demonstrate the strength of financial, operational and data protection controls at your organization. However, several options exist, and it is important to determine which is appropriate.

  • David Wood


Service organizations control reporting: Going beyond financial reporting

With more stringent assurance requests regarding the effectiveness of IT controls increasing, service organizations can provide operation and compliance assurance beyond financial reporting with the SOC 2 and 3 reports.

  • David Wood

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Rapid Assessment®

Complete our Rapid Assessment form to be contacted about receiving our "quick-hit" diagnostic of your critical areas of operations.




2017 cybersecurity outlook and key considerations for nonprofits

  • January 31, 2017


2017 economic and risk outlook

  • January 09, 2017


AML and regulatory compliance webcast series—Fall 2016

  • December 15, 2016


PCI DSS 3.2—What’s next?

  • December 08, 2016


RSM Raleigh Technology Conference

  • October 26, 2016