Together we’ll create opportunities
A SOC engagement provides assurance to client user organizations that controls have been suitably designed and operate effectively based on services provided, types of data processed, and the overall operating environment.
We’re committed to helping address what matters most to you:
- Securing service delivery systems so they are available as committed, and maintaining data privacy and confidentiality
- Protecting data with administrative, technical, and physical controls
- Enhancing processing integrity with effective internal controls
- Complying with regulatory requirements
Experience our client-focused approach
Organizations that depend on external service providers to perform critical outsourced business functions are becoming more diligent in evaluating the service provider’s internal control environment. A SOC for Service Organizations (SOC 1, SOC 2, or SOC 3) examination can provide that assurance.
From the initial readiness phase to final control testing and reporting, our professionals collaborate with service organization personnel to recommend ways to strengthen the control environment and prepare for an attestation examination.
CLA has the industry, accounting, audit, security, and technology management knowledge to assess internal controls and security measures and determine if business goals and service delivery may be at risk.
We have significant experience evaluating technical controls applicable to networks, servers, workstations, and other devices as well as application system(s) and underlying database(s) that maintain client data. We also analyze controls related to the physical environment and organizational management for design and effectiveness.
SOC reporting services
Whether this is your initial pursuit of an assurance engagement or your service organization is looking to change service auditors, CLA can help by:
- Determining if SOC 1, SOC 2, or SOC 3 is most appropriate to satisfy the needs of user organizations
- Assessing design of controls to meet control objectives or the Trust Service Criteria
- Providing recommendations to enhance and strengthen internal controls
- Documenting the system description
- Performing tests of controls associated with attestation
- Issuing a SOC 1, SOC 2, or SOC 3 report that meets your needs
- Demonstrating compliance with applicable regulatory requirements, including:
InsightsSee All Insights
Article 7/27/2021Cybersecurity Compliance — Are You Accidentally Breaking the Law?
Blog 7/21/2021StopRansomware.gov – New Website
Blog 7/16/2021Preventing a Password Compromise
EventsSee all Events
Event 10/25/2021 – 10/27/2021Bank Audit and Risk Committees Conference
Webinar 9/21/2021IT Webinar Series: Considerations for Financial Institutions