SSAE 18 & System and Organization Control (SOC) Reports
Your customers want assurance. We can help.
Innovations in technology and the reliance on third-party servicing have increased the need for service organizations to obtain System and Organization Controls (SOC) reports to provide assurance to their customers that their data is safe and the related service commitments are met. That’s where we come in.
Pat specializes in AICPA’s SOC for Service Organizations (SOC 1® and SOC 2®), Sarbanes-Oxley Act, information technology controls, and data extraction and analysis. Pat also leads the firm’s ESG-related services, assisting clients with ESG planning and reporting efforts.
Nationally recognized SOC experts
Service organizations that provide outsourcing of certain business processes, functions, and systems need to be able to provide assurance to their clients, particularly healthcare and financial services providers.
We have years of experience developing SSAE-18, SOC 1, and SOC 2 reports. In fact, our practice leader Patrick Morin authored the AICPA’s Introduction to SOC Auditing, and earned the AICPA’s Advanced SOC for Service Organizations Certification.
How we can help
- Engagement quality review
- Readiness assessments
- SSAE 18
- System and Organization Control Reports 1 – A SOC 1 report evaluates the effectiveness of a service organization’s controls over a user entity’s financial statement assertions.
- System and Organization Control Reports 2 – A SOC 2 report provides detail over the controls at a service organization as they relate to security, availability, processing integrity, confidentiality or privacy.
- System and Organization Control Reports 3 – A SOC 3 report is a trust service examination report, which addresses the same subject areas as a SOC 2 report, but in a shortened version. This rapport can be used in a service organization’s promotional efforts and on its website.
- SOC for Cybersecurity
- SOC for Supply Chain (COMING SOON!)
Service businesses we work with
- Collection agencies
- Third-party service providers
- Payment processors
- Trust companies
- Managed service providers
- Software-as-a-Service and cloud technology providers
What our clients are saying
As always, BNN makes this process as painless as possible. I view BNN not as
just our auditing firm, but as a valued partner in helping us establish the appropriate
controls and processes to ensure we operate in the best interest of our clients.