Service Organization Control (SOC) Reporting

As companies and other entities increasingly outsource business processes and information technology functions to service organizations, they seek assurance regarding the risks and controls associated with these outsourced services. Service Organization Control (SOC) Reports provide valuable information that helps build trust and confidence in those controls, processes and safeguards.


The SOC team in RyanSharkey's Risk Advisory Services group applies field-tested practices when performing SOC 1, 2, and 3 engagements. Our approach begins with a readiness assessment that will identify any deficiencies in the service organization’s internal controls for the services and systems that are determined to be in-scope for the SOC review.  We conclude our readiness assessment with a report providing detailed steps to remediate the control deficiencies. Our approach concludes with rigorous testing of the internal controls previously evaluated during the readiness assessment and the issuance of the SOC report to the service organization.

Know that you need a SOC Report?
FILL OUT THE FORM TO THE LEFT to request a quote.


There are three types of SOC Reports available, providing assurance over financial controls, and controls relevant to security, availability, processing integrity, confidentiality and privacy. Your company, entity or service organization will need a specific SOC Report based on the type of assurance required:

  • SOC 1: Examines design and operating effectiveness of financial reporting controls applicable to selected control objectives. Read more…
  • SOC 2: Examines the design and operating effectiveness of specific information technology and/or privacy internal controls related to the applicable AICPA Trust Services Principles. Read more…
  • SOC 3: Provides assurance related to applicable AICPA Trust Services Principles. Read more…

SOC Report Benefits

  • Increased ability to market to, attract and retain quality customers
  • Satisfaction of external audit requirements
  • Documentation of internal control structure
  • Increased customer confidence
  • Enhanced risk management
  • Compliance with regulatory requirements

Our Approach

RyanSharkey’s approach to SOC Reporting projects includes:

  • Assessment of weaknesses and vulnerabilities
  • Planning: Scope, roles and expectations
  • Documentation and definition of objectives
  • Design and execution of testing (includes Type 1 and Type 2 reports)
  • Reporting

Read about our full approach to SOC Reporting here.

Know that you need a SOC Report? FILL OUT THE FORM TO THE LEFT to request a quote.

For more information on SOC Reporting or to contact a member of RyanSharkey’s Risk Advisory Services team, please contact us using the form on this page.