System and Organization Controls (SOC) reports

Service organizations can build an environment of trust with their clients, vendors, and internal and external stakeholders by providing a System and Organization Controls (SOC) report from an independent Certified Public Accounting firm. A SOC report details the processes and controls of the service organization, ensuring that data processed is complete and accurate, and/or that the security and confidentiality of the data being transmitted and hosted are protected.

Mazars' experts possess deep knowledge of various industries and audit standards (i.e. SSAE 18). We consistently deliver high-quality SOC examinations matched to excellent client service and responsiveness.

SOC 1 report 

Assurance about your control environment is critical for supporting your clients and their auditors' reliance on your transaction processing.

This report provides the assurance necessary for your clients and their auditors to have confidence in your controls over the processing of information which affects the data that impacts their financial statements. It also demonstrates a strong internal control environment that reduces financial reporting risks and increases productivity and efficiency.

SOC 2 report 

Assurance about your control environment over data security is a valuable asset you can provide to your clients.

As the number of organizations offering outsourcing services such as cloud computing (SaaS), data processing, and data storage continues to increase, there is a larger need for your current and prospective clients to obtain assurance on the data security risks associated with using your outsourcing services.

A SOC 2 report shows that your organization has controls implemented to meet your service commitments and system requirements for data protection in the areas of security, availability, processing integrity, confidentiality, and/or privacy.

SOC 3 report 

Give your clients assurance on your control environment over data security without the detail of a SOC 2 report.

A SOC 3 report is a general use document that can be shared openly, including your website. The report consists of a brief auditor's opinion and narrative providing background on your organization and IT infrastructure relevant to your clients. A SOC 3 report still requires audit testing to provide assurance on your control environment as found in a SOC 2 Type 2 report, but the actual report contains minimal detail on the specific controls within your organization since the report can be freely distributed.

SOC readiness assessment

Preparing for a SOC examination can be demanding and without skilled guidance, may fail to provide a comprehensive picture of your control environment and system boundaries.

Mazars can conduct a SOC readiness assessment to ensure you are adequately prepared for your upcoming SOC examination. We will help determine the scope of your SOC report relevant to your user's needs, evaluate your control environment to identify process and control gaps through a risk-based prioritized approach, and can provide remediation guidance to satisfy the identified gaps prior to your examination period. A properly executed SOC readiness assessment will minimize unexpected issues arising during your SOC examination.