System and Organization Controls (SOC): Suite of Services Examination for

Service Organizations

​

(SOC 1®, SOC 2®, SOC 3®)

Created by the AICPA, System and Organization Controls (SOC) is a suite of service offerings CPAs provide in connection with system-level controls of a service organization or entity-level controls of other organizations.  A SOC examination is an examination of controls at a service organization with whom another organization has outsourced one or more business functions.  SOC examinations are performed in accordance with the attestation standards (AT-C 2305). Options include SOC 1® (examination of controls that could affect internal controls over financial reporting at user entities), and SOC 2® or SOC 3® (examination of controls relevant to security, availability, processing integrity, confidentiality, or privacy).

​

​

In addition, to performing the SOC Examination, Purvis Gray can work with your organization to prepare a SOC readiness assessment which is often recommended for organizations prior to undertaking their initial SOC examination.

​

SOC for Cybersecurity

​

The AICPA has developed a cybersecurity risk management reporting framework, SOC for Cybersecurity, through which organizations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program. CPAs can report on such information to meet the cybersecurity information needs of a broad range of stakeholders including senior management, boards of directors, analysts, investors, and business partners. Purvis Gray can provide this service to your organization, including working with your organization to prepare a SOC readiness assessment which is often recommended for organizations prior to undertaking their initial SOC for Cybersecurity examination.