SOC Reporting icon

SOC Reporting

Companies are increasingly outsourcing business processes and IT functions to service organizations. If your business provides services to other entities, those entities may want assurance when it comes to the risks and controls associated with these services, often in the form of a service organization controls (SOC) report. This is especially true if your services include sensitive information, such as patient health data or financial transactions. SOC reports provide essential information that can build trust in processes, controls, and safeguards.

Lumsden McCormick’s team of certified public accountants can provide an efficient and affordable approach to SOC reporting. Whether your needs call for SOC 1, SOC 2, or SOC 3 reporting, we’ll design a customized approach to help your organization benchmark and compare internal controls against industry best practices.

SOC 1 Report (SSAE 18)

As an internationally recognized third-party assurance audit, a SOC 1report is designed for service organizations in order to demonstrate adequate control and integrity of financial reporting.  A SOC 1 Report is becoming an essential requirement as organizations are faced with increased regulatory scrutiny. 

Benefits of a SOC 1 Report include:

  • Instant credibility,
  • Confirmation that controls, procedures, and processes are in place the way management intends them to be,
  • Independent assessment of controls,
  • Potential to grow market share, and
  • Reduction of third-party self-assessment questionnaires.

We can help you prepare for your first SOC 1 audit by conducting readiness assessments and ensuring compliance with SSAE 18 requirements. We can also help you understand SOC Type I and Type II assurance levels.

SOC 2 Report

A SOC 2 Report will help you achieve the highest IT reporting standard and the most recognizable third-party assurance report. SOC 2 engagements use the predefined criteria of Trust Principles set by the American Institute of Certified Public Accountants including:

  1. Security — The system is protected against unauthorized access.
  2. Availability — The system is available for operation and use as committed or agreed.
  3. Processing integrity — System processing is complete, accurate, timely, and authorized.
  4. Confidentiality — Information designated as confidential is protected as committed or agreed.
  5. Privacy — Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice, and with regulatory standards.

We’ll provide assessment and reporting tools so SOC 2 engagements can be completed efficiently, effectively, and on budget. Our in-house expertise covers a range of industries and IT expertise; we can provide you with the most sophisticated level of service at a competitive fee.

Industries benefitting from a SOC 2 report include:

  • Health care service providers,
  • Government service providers,
  • Hosting providers, and
  • Production printing.

SOC 3 Reports

This report covers the same testing procedures and requirements as a SOC 2 engagement, however this report omits the detailed test results and the description of the system and is intended for general audiences and public distribution.

SOC for Cybersecurity

This report is designed to provide assurance about the effectiveness of the controls over a service organization’s cybersecurity risk management program. 

Our Audit Team has extensive knowledge of SOC reporting and will guide you to the appropriate SOC report(s) for the services you provide, with an understanding that your controls have undergone comprehensive testing.

For more information about SOC reporting, please contact Thomas Burns or complete the form below.

Services Leaders

Thomas Burns

Thomas M. Burns, CPA, CMA

Principal
Jill Johnson

Jill M. Johnson, CPA, CFE, CITP, FHFMA

Partner

Upcoming Events

April 2025 Buffalo Sabres Tickets Raffle

April 2025 Buffalo Sabres Tickets Raffle

April 05, 2025

Enter to win two tickets to a Sabres home game for the 2024-2025 season!

Learn More
Navigating Expiring Tax Provisions and the Current Market Landscape

Navigating Expiring Tax Provisions and the Current Market Landscape

February 12, 2025

Discover the expiring provisions of the Tax Cut and Jobs Act (TCJA) and their impact on your financial planning and tax strategies for 2025 and beyond. Plus, gain insights from our Financial Market Update.

Learn More
SIGN UP TO RECEIVE OUR LATEST TAX AND ACCOUNTING ARTICLES, NEWSLETTERS, AND EVENTS. SIGN UP

Comprehensive. Proactive. Accessible.
How Can We Help?