SOC Service Offerings
SOC READINESS ASSESSMENTS: Your big prospect demands a SOC report and you don’t know where to start. PKF Mueller is here to help. With a SOC readiness assessment you get the benefit of our internal control expertise without the pressure and anxiety of an immediate audit. The PKF Mueller SOC team will work closely with your personnel to document existing controls and identify potential gaps and weaknesses. Our SOC readiness assessment services will allow you to establish a roadmap to remediate your internal control gaps before the audit begins; providing you with peace of mind and confidence as you undergo your first SOC audit.
SOC 1: Formerly SAS 70, this is an examination of internal controls over financial reporting that is based on AICPA’s guidance for auditors, SSAE 18. This is intended to be an “auditor to auditor” report.
SOC 2: This is an examination of operational or compliance controls (not solely financial reporting) that is focused on one or more key system attributes of security, availability, processing integrity, confidentiality, and privacy (Trust Services Criteria), depending on what is relevant and important to your customers. This is intended to be a report from company management to customer management (not auditor to auditor).
SOC 3: These examinations are the same as SOC 2 with the exception that the report does not include management’s detailed description of processes and systems, and the company can place a publicly visible SOC seal on its website with a link to the report on the stated key system attributes of security, availability, processing integrity, confidentiality, and privacy.
SOC FOR CYBERSECURITY: Concerns over cybersecurity are on the rise in many organizations and there is a growing need for businesses to demonstrate that they are effectively controlling this threat. In 2017, AICPA developed a new cybersecurity risk management reporting framework that helps organizations communicate about and CPAs report on cybersecurity risk management programs.