United States

Service organizations control reporting: Beyond financial reporting


Download the white paper

Service organizations are receiving an increasing number of requests for assurance regarding the effectiveness of the controls over their information technology environment. Previously, organizations provided a SAS 70 controls report to meet these demands, but this report focused more on financial reporting controls than operational and compliance risks.

In response to the requests for assurance beyond financial reporting risks, the American Institute of Certified Public Accountants (AICPA) has established a series of options for the reporting of controls at service organizations, known as service organization controls (SOC) reports (SOC 1, SOC 2 and SOC 3).

This white paper focuses on the SOC 2 and 3 reports, which provide operational and compliance assurance. The reporting process can be complex, but the end result is more accurate information regarding the design and effectiveness of your internal controls.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

Learn more