System and Organization Control Reporting

Your SOC report should clearly communicate your commitment to internal controls.

A successful System and  Organization Control (SOC) report helps build trust and confidence by demonstrating that your organization has the necessary controls implemented and operating effectively. Regardless of your organization’s size or industry, we help you navigate the potential challenges of SOC reporting and clearly communicate your commitment to internal controls to your customers and their auditors.

Today, there are a variety of reporting options, and making the right choice isn’t always easy. We’re well-positioned to prepare and issue SOC 1, 2,3 or SOC Cyber assurance reports and discuss customized alternative reporting options under AICPA attestation standards. Our years of specialization and experience in SOC reporting will help you arrive at the option best suited to your specific situation.

1 Statement on Standards for Attestation Engagements.

2 Knowledgeable as to: a) the nature of the service provided by service organization, b) how the service organization’s systems interact with the systems at the user entities, subservice organizations and other parties, c) internal controls and its limitations, and d) the control objectives and how controls address them.

The RSM difference

With RSM, you can be confident knowing you’re working with a knowledgeable, dedicated staff with years of SOC experience. And our proprietary methodology and SOC-specific software help ensure your SOC engagement is handled efficiently.

When you need valuable SOC insight and tailored services, you need RSM. Give us a call to begin the discussion.

Most Popular Insights


Which SOC controls report is right for your organization?

SOC reports demonstrate the strength of financial, operational and data protection controls at your organization. However, several options exist, and it is important to determine which is appropriate.

  • David Wood


Service organizations control reporting: Beyond financial reporting

Service organizations can provide operation and compliance assurance beyond financial reporting with the SOC 2 and 3 reports.

  • David Wood

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

Learn more