The Small, The Big, and Everything in Between

October 11, 2016 NICK BRUCE

Why should service organizations of all sizes need a Service Organization Controls (SOC) Report?  The AICPA explained it well that “Service Organization Controls (SOC) reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.”  Most times, SOC reports are performed at the request of a client of your organization since your services impact material areas of their internal controls or they stipulate this as part of the contractual agreement.

So does everyone need to go through a SOC examination regardless of how big or how small?  The quick answer is no, but, service organizations should have a SOC examination conducted over their internal business and IT controls. 

Three reasons why companies should undergo a SOC examination include but are not limited to:

  • Maturity - Some would argue that undergoing any form of an audit is a healthy business practice. Audits allow for a review your controls and activities by an independent third party to ensure they are functioning appropriately and provide an opportunity for improvement.
  • Trust and Confidence – A SOC examination will build trust and confidence in the efficiency and operating effectiveness of your internal controls. Your current client base, as well as potential new clients, are looking for a company they can trust with their data. Wouldn’t you want peace of mind knowing your data is handled with utmost care?
  • Competitive Advantage – A lot of companies will not consider utilizing a service organization that do not have a SOC report. Going through a SOC examination provides your company a competitive advantage and attracts new and large profile clients looking for service providers like yourself.

Regardless of the size of your organization, your clients need to be able to rely on the controls of your organization regarding the services you are providing.  Determining the right SOC report for your organization depends on the services provided to your clients and the needs of those clients 

Whether it’s your clients that are requiring you to undergo a SOC examination or you are making this decision to strengthen and mature your business practices, we would like to go over what options are available to you.


Previous Article
Security Awareness: Humans Fighting Back
Security Awareness: Humans Fighting Back

Originally published at

Next Article
Happy birthday to… wait, who’s this guy?
Happy birthday to… wait, who’s this guy?

Originally published by the Cloud Security Alliance: How many ar...


Subscribe now
to receive content updates once a week

First Name
Error - something went wrong!