SOC Reports
Stay informed on the latest in SOC reporting and compliance. AAFCPAs shares practical insights on SOC 1, SOC 2, and related frameworks to help you strengthen internal controls, meet client expectations, and demonstrate operational integrity. Explore guidance, best practices, and trends from a Top 100 CPA firm trusted by leading organizations. Learn more about SOC Reports >>
SOC Reports: What Subservice Organizations & Vendors & Need to Know
If a subservice organization (e.g., payroll processors, software firms, IT support, or medical billing functions) processes sensitive data, handles financial transactions, or provides critical services to clients, it may require a System and Organization Controls (SOC) report to demonstrate its commitment to internal controls and compliance. Subservice organizations are third-party entities such as process outsourcers […]
SOC Report 2022 Revised Points of Focus
In late 2022, the AICPA updated its guidance on performing System and Organization Controls (SOC) attestations with revised points of focus that offer enhanced context for meeting the criteria in your report. Organizations and their auditors should be aware of the updates and go through an exercise to actively incorporate these revised points of focus […]
A Startup’s First Steps to SOC Readiness
Early-stage companies have a lot to contend with, including funding, staffing, infrastructure, product development, and marketing, which can create a chaotic environment. Those that collect personal identifiable information or health information as part of their business model also must add earning their SOC (System and Organization Control) certification to the list. The SOC Report has […]
SOC Report: Why are our Sales & Marketing Teams Insisting we have one?
Prospects may ask for a SOC report as a way to assess the controls and processes in place at an organization before doing business with them. Many organizations, particularly in regulated industries or those that handle sensitive information, are required to demonstrate compliance with relevant regulations and industry standards. A SOC report can be an […]
SOC 2 Meets Death Master File Certification Requirements
The System and Organization Controls (SOC) framework may be mapped to achieve requirements of the National Technical Information Service’s (NTIS) Limited Access Death Master File (LADMF) certification. When choosing SOC 2 to achieve your LADMF certification, businesses may also benefit from the marketing value of their SOC 2 attestation, which demonstrates your commitment to access […]
Which SOC Report is Right for Your Organization
Navigating the landscape of Service Organization Control (SOC) reports can be complex, yet understanding the differences between SOC 1, SOC 2, and SOC 3 reports is essential for businesses leveraging third-party services. Each report serves a unique purpose, tailored to meet the varied needs of service organizations and their stakeholders.
AAFCPAs to Lead System and Organization Controls (SOC) Reporting Forum for PrimeGlobal, National CPA Firm Association
AAFCPAs’ James Jumes, MBA, M. Ed has been selected to lead the North American System and Organization Controls (SOC) Reporting Special Interest Group (SIG) for PrimeGlobal, an international association of independent accounting firms. James is uniquely qualified to lead this national SIG, which will serve as a forum for peers to share their interpretations and implementations of […]
AAFCPAs Earns SOC for Cybersecurity Services Certificate
AAFCPAs’ Partners James Jumes, MBA, M.Ed. and Robin Kelley, CPA, CITP, CGMA, CSPM, CCSFP have earned the System and Organization Controls (SOC) for Cybersecurity Certificate issued by The Association of International Certified Professional Accountants (AICPA). SOC for Cybersecurity is a new entity-wide cybersecurity audit that allows organizations to voluntarily report on their cybersecurity management programs […]