AICPA SSAE 16 SOC Audits
SysAudits is a registered as an AICPA Audit firm fully capable of performing audits in accordance with AICPA SSAE 16 SOC audits. A Service Organization Control report (SOC 1, 2 or 3 report) is an assessment to ensure trust and confidence in an organizations security and financial control posture that is widely recognized around the world. All SOC reports follow the guidance from the AICPAs Statement on Standards for Attestation Engagements No. 16 (SSAE 16) which will soon transition to SSAE 18. SOC reports are:
- SOC 1 – SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to user entities’ internal control over financial reporting and are potentially used in an audit of a user entity’s financial statements.
- SOC 2 – SOC 2 reports address controls at a service organization related to the Trust Service Principles (TSPs) of security, availability, processing integrity of a system, or the confidentiality or privacy of the information processed by that system.
- SOC 3 – SOC 3 reports address the same subject matter as SOC 2 engagements; however, use of these reports is not restricted. Anyone may use these reports, and they may be posted on a website under a seal. To allow for this, the SOC 3 report is typically redacted from its SOC 2 counterpart for any proprietary and/or confidential information, enabling it to be publicly available.