SOC reporting provides your customers with the assurance they want or require as a condition of doing business with you. In addition, a well-designed SOC program is an effective means to identify and manage financial, operational, system, and/or cybersecurity risk through one or more of the following AIPCA SOC Suite of Services:
SOC FOR SERVICE ORGANIZATIONS
SOC FOR CYBERSECURITY
Introduced by AICPA in April 2017, this report is similar to a SOC 2®, but it is intended for a broader audience (your customers and their auditors) that are interested in knowing about your company’s risk management program for cybersecurity, including information about your systems, processes and controls for detecting, preventing and responding to breaches.
SOC FOR VENDOR SUPPLY CHAINS
Introduced by the AICPA in March 2020, SOC for Supply Chain is a voluntary framework that might be the most efficient approach for your organization to:
Prior to SOC for Supply Chain, most organizations would typically rely on a variety of non-standard and other sources to obtain an understanding of supply chain risks – information provided by the supplier themselves, the organization’s internal auditor findings from assessments performed at each (or key) suppliers, or other programs such as from the International Organizations for Standardization (“ISO”) certification.
FGMK SOC EXAMINATION AND REPORTING SERVICES
FGMK understands how critical your projects and programs are to your organization’s success. Our experience and knowledge allow us to create efficient and effective reporting processes that include the following SOC services:
EXAMINATION – We perform our SOC examination under the guidance of the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements No. 18 (SSAE No. 18). Our experienced SOC professionals make the examination easier for you from planning through completion. We leverage our tools and templates to execute our controls testing in an efficient and effective manner so you can stay focused on running your business. We understand that SOC reports are a reflection of both your service organization and FGMK, so we focus on preparing SOC reports you will be proud to share with your customers.READINESS – We help you identify and document controls to meet your objectives. We have the tools, templates and experience to help you right size your SOC solution according to your requirements. We leverage our deep understanding of business processes and information technology to assist you in identifying controls to mitigate risks in your environment.
TECHNOLOGY – Regardless of the type of SOC report your company needs, information technology systems and security are at the core. We combine technology and IT audit skills with the knowledge necessary for a complete SOC strategy. We also draw on the resources of our technology company, Netrix, that provides complete technology design and implementation solutions.
FGMK understands how critical your projects and programs are to your organization’s success.
Sign up for our newsletter to receive the latest in thought leadership, webinars, news, and resources.