SOC 3 Audit Reports

Ryan Sharkey’s Risk Advisory Services group offers expertise in Service Organization Control (SOC) 3 reporting that is specifically designed for companies seeking independent assurance related to the service organization’s information systems and e-commerce.


SOC 3 reports do not provide the level of detail in a SOC 2 report; they are intended as a general use report that can be distributed publicly by anyone to demonstrate that proper controls are in place within the data system and design.  This can include any users who want assurance related to:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

Report Content

  • Independent service auditor’s opinion on whether the entity maintained effective controls over the system
  • Written assertion by management of service organization
  • An unaudited system description used to delineate the boundaries of the system (if a system description is provided by the service organization)

RyanSharkey Approach

  • Our approach to SOC reporting projects includes:
  • Assessment of weaknesses and vulnerabilities
  • Planning: Scope, roles and expectations
  • Documentation and Definition of Objectives
  • Design and Execution of Testing (includes Type 1 and Type 2 reports)
  • Reporting

Click here to learn more.

Know that you need a SOC Report? FILL OUT THE FORM TO THE LEFT to request a quote.

For more information on SOC Reporting or to contact a member of RyanSharkey’s Risk Advisory Services team, please fill out the form on this page. A member of our team will contact you.