SOC Reports

[et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”0px|0px|0px|0px” fullwidth=”on” _builder_version=”3.0.63″][et_pb_fullwidth_header title=”SOC (Service Organization Control) Reports” background_layout=”dark” text_orientation=”center” header_scroll_down=”on” scroll_down_icon=”%%3%%” button_one_url=”http://www.mdsny.com/contact/” background_overlay_color=”rgba(0,0,0,0.52)” _builder_version=”3.0.63″ title_font_size=”63px” content_font_size=”26px” subhead_font=”Droid Sans||||” subhead_font_size=”31px” background_color=”#2d3743″ background_image=”https://www.mdsny.com/wp-content/uploads/2017/07/dreamstime_xxl_43436577.jpg” background_url=”https://www.mdsny.com/wp-content/uploads/2017/06/dreamstime_xl_48247911.jpg” background_blend=”overlay”]

SOC 1, 2 & 3

[/et_pb_fullwidth_header][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”54px|0px|9px|0px” _builder_version=”3.0.47″][et_pb_row admin_label=”row” custom_padding=”0px|0px|0px|0px” background_color=”#ffffff” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”1_2″][et_pb_text _builder_version=”3.0.47″ text_line_height=”1.5em” header_line_height=”1.2em” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

SOC Reports ensure an organization is following specific best practices before being outsourced for a certain business function.

[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″][et_pb_text text_orientation=”center” _builder_version=”3.0.47″ text_font=”||||” text_font_size=”58px” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

   Is Your Organization SOC Compliant?

[/et_pb_text][et_pb_button button_url=”http://www.mdsny.com/contact/” button_text=”Find Out Now” button_alignment=”center” _builder_version=”3.0.47″ custom_button=”on” button_text_size=”27px” button_text_color=”rgba(0,0,0,0.95)” button_border_width=”2px” button_border_color=”#0c000c” button_border_radius=”1px” button_text_color_hover=”#ffffff” button_bg_color_hover=”#3dacb6″ background_color=”#7EBEC5″ /][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”10px|0px|13px|0px” _builder_version=”3.0.47″][et_pb_row admin_label=”row” make_fullwidth=”on” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″][et_pb_text _builder_version=”3.0.47″ text_font=”Droid Sans||||” text_font_size=”21px” text_text_color=”#2b2b2b” text_line_height=”1.8em” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

A Service Organization Control report (SOC 1, 2, or 3) is a report, created and validated by third-party auditors, meant to provide independent assurance and to help potential customers, partners, or vendors understand any potential risks involved when working with an outsourced organization. Whether entering into a new partnership or reviewing your current inventory of business relationships, this unbiased report identifies potential inconsistencies and reaffirms that you’re paying attention to how policies and procedures are followed. No decision to work with an outside company is ever risk-proof, but SOC reports will provide unbaised context needed when determining whether or not to work with an organization. Depending on the information needed and the types of organizations involved, there 3 versions of SOC reports.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” background_color=”#e6eaea” custom_padding=”40px|0px|0px|0px” _builder_version=”3.0.47″][et_pb_row admin_label=”row” make_fullwidth=”on” custom_padding=”0px|0px|1px|0px” background_color=”#e6eaea” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″][et_pb_text _builder_version=”3.0.47″ text_font=”Droid Sans||||” text_font_size=”20px” text_text_color=”#2b2b2b” text_line_height=”1.5em” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Components of SOC Reports:
Each SOC Report (regardless if 1, 2 or 3), contains the auditor’s opinion of whether the organization’s presentations of controls is correctly and fairly presented. If a report is deemed unqualified, it means the auditor found the company’s representation of their business and security decisions is accurate. If a report is deemed qualified, it denotes that the auditor found substantial discrepancies between the company’s statement and reality. An opinion is considered adverse if multiple controls failed, and an entire objective has not been met.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”0px|0px|54px|0px” _builder_version=”3.0.47″][et_pb_row admin_label=”row” make_fullwidth=”on” parallax_method_1=”off” module_id=”#my-accordion” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″][et_pb_text _builder_version=”3.0.47″ text_font=”Droid Sans||||” text_font_size=”21px” text_text_color=”#2b2b2b” text_line_height=”1.4em” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

3 Types of SOC Reports

Depending on the type of information requested and organization involved, there are varying versions of SOC reports:

[/et_pb_text][et_pb_toggle title=”SOC 1: Reports on Controls that have an immediate or downstream effect on a user’s entity’s financial statements. Based on the SSAE 16 reporting standard.” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” _builder_version=”3.0.47″ title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Type I:
Shows how well internal controls are designed to prevent mistakes regarding financial transaction/statement data.
Testing is done at one point in time; does not test the operating effectiveness of the control set.

Type II:
Tests the operating effectiveness of the internal controls (business process and IT general controls); designed to mitigate the risk of a financial inaccuracy of the user entity.
Testing is conducted over a period of time, and a sampling methodology of the user entity.

[/et_pb_toggle][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”on” parallax_method_1=”off” module_id=”#my-accordion” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″][et_pb_toggle title=”SOC 2: Reports on controls related to security, availability, processing integrity, confidentiality and privacy. Security control tests are mandatory, while the rest are potional. Based on the AT 101 reporting standard. ” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” _builder_version=”3.0.47″ title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Type I:
Test the design of these controls
Testing is done at one point in time; does not test the operating effectiveness of the control set.

Type II:
Tests the operating effectiveness of these controls; designed to mitigate the risk of mishandling customer data.
Testing is conducted over a period of time, and sampling methodology is used for an accurate portrayal of operating effectiveness.

[/et_pb_toggle][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”on” parallax_method_1=”off” module_id=”#my-accordion” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″][et_pb_toggle title=”SOC 3: Reports same subject matter as SOC 2 engagements; however, use of these reports is not restricted and can be posted on a website under a seal. To allow for this, the SOC 3 report is typically dedacted from its SOC 2 counterpart. ” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” _builder_version=”3.0.47″ title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

  • Provides high-level summary for general customers without compromising or revealing details on the internal controls.
  • Typically only utilized by organizations that have conducted many SOC reports in the past and have a thorough and robust control environment.

[/et_pb_toggle][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” background_color=”#e6eaea” custom_padding=”24px|0px|0px|0px” _builder_version=”3.0.63″][et_pb_row admin_label=”row” custom_padding=”15px|0px|28px|0px” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″][et_pb_cta title=”Learn about Required SOC Security Report Standards” button_url=”http://www.mdsny.com/contact/” button_text=”Learn More” use_background_color=”off” background_layout=”light” _builder_version=”3.0.47″ header_font=”Droid Sans|on|||” header_font_size=”30px” body_font=”Droid Sans||||” body_font_size=”19px” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Contact an MDS today to receive expert guidance on how to get your security program up and running.

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”Blurb” background_color=”#2d3743″ inner_shadow=”on” custom_padding=”40px|0px|0px|0px” make_fullwidth=”on” _builder_version=”3.0.63″ global_module=”118956″][et_pb_row admin_label=”row” global_parent=”118956″ make_fullwidth=”on” custom_padding=”0px|0px|17px|0px” background_color=”#2d3743″ background_position_1=”top_left” background_position_2=”top_left” background_position_3=”top_left” background_repeat_1=”no-repeat” background_repeat_2=”no-repeat” background_repeat_3=”no-repeat” _builder_version=”3.0.63″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” background_image=”https://www.mdsny.com/wp-content/uploads/2017/06/Financial-Regulation-big.jpg”][et_pb_column type=”1_2″][et_pb_blurb global_parent=”118956″ background_layout=”dark” _builder_version=”3.0.63″ header_font=”Droid Sans||||” header_font_size=”26px” header_text_color=”#d1d1d1″ body_font=”Droid Sans||||” body_font_size=”16px” body_text_color=”#dfdfdf” background_size=”initial” background_position=”top_left” background_repeat=”repeat” inline_fonts=”Droid Sans”]

Our Pledge:

Building out and maintaining your IT ecosystem doesn’t have to be a do-it-yourself project. MDS can help identify network issues, configure devices, and optimize your infrastructure to maximize efficiency and performance. Our consultants are highly trained technology specialists that understand the complexities of multi-vendor environments and have the knowledge and skills to help your business become more agile, customer-focused and operationally efficient.

[/et_pb_blurb][/et_pb_column][et_pb_column type=”1_4″][et_pb_blurb global_parent=”118956″ background_layout=”dark” _builder_version=”3.0.63″ header_font_size=”26px” header_text_color=”#d1d1d1″ body_font=”Droid Sans||||” body_font_size=”16px” body_text_color=”#dbdbdb” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Upcoming Events:

Ransomware is on the rise: let’s talk about how to stay safe over some wine!

[/et_pb_blurb][/et_pb_column][et_pb_column type=”1_4″][et_pb_blurb global_parent=”118956″ background_layout=”dark” _builder_version=”3.0.63″ header_font_size=”26px” header_text_color=”#d1d1d1″ body_font=”Droid Sans||||” body_font_size=”16px” body_text_color=”#dfdfdf” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Contacts: |

NYC Headquarters:
307 West 38th Street, Suite 1801
New York, NY 10018
Tel: 646-744-1000

Miami Office:
Tel: 786-899-2980
San Juan Office: Tel: 646-460-6229

Email
: contactus@mdsny.com

[/et_pb_blurb][/et_pb_column][/et_pb_row][/et_pb_section]