System and Organization Controls (SOC) Reporting

Feel confident that your internal controls are adequate, effective, and in compliance.

Together we’ll create opportunities

A SOC engagement provides assurance to client user organizations that controls have been suitably designed and operate effectively based on services provided, types of data processed, and the overall operating environment.

We’re committed to helping address what matters most to you:

  • Securing service delivery systems so they are available as committed, and maintaining data privacy and confidentiality
  • Protecting data with administrative, technical, and physical controls
  • Enhancing processing integrity with effective internal controls
  • Complying with regulatory requirements

Experience our client-focused approach

Organizations that depend on external service providers to perform critical outsourced business functions are becoming more diligent in evaluating the service provider’s internal control environment. A SOC for Service Organizations (SOC 1, SOC 2, or SOC 3) examination can provide that assurance.

From the initial readiness phase to final control testing and reporting, our professionals collaborate with service organization personnel to recommend ways to strengthen the control environment and prepare for an attestation examination.

CLA has the industry, accounting, audit, security, and technology management knowledge to assess internal controls and security measures and determine if business goals and service delivery may be at risk.

We have significant experience evaluating technical controls applicable to networks, servers, workstations, and other devices as well as application system(s) and underlying database(s) that maintain client data. We also analyze controls related to the physical environment and organizational management for design and effectiveness.

Questions about SSAE 18? Read our FAQs about SOC reporting. 

SOC reporting services

Whether this is your initial pursuit of an assurance engagement or your service organization is looking to change service auditors, CLA can help by:

  • Determining if SOC 1, SOC 2, or SOC 3 is most appropriate to satisfy the needs of user organizations
  • Assessing design of controls to meet control objectives or the Trust Service Criteria 
  • Providing recommendations to enhance and strengthen internal controls
  • Documenting the system description
  • Performing tests of controls associated with attestation
  • Issuing a SOC 1, SOC 2, or SOC 3 report that meets your needs
  • Demonstrating compliance with applicable regulatory requirements, including:

Experience the CLA Promise