SOC Reports

All Topics

The Role of SOC Reports for Subservice Organizations

The Role of SOC Reports for Subservice Organizations

If a subservice organization (e.g., payroll processors, software firms, IT support, or medical billing functions) processes sensitive data, handles financial transactions, or provides critical services to clients, it may require a System and Organization Controls (SOC) report to demonstrate its commitment to internal controls and compliance. Subservice organizations are third-party entities such as process outsourcers […]

SOC Report 2022 Revised Points of Focus

SOC Report 2022 Revised Points of Focus

In late 2022, the AICPA updated its guidance on performing System and Organization Controls (SOC) attestations with revised points of focus that offer enhanced context for meeting the criteria in your report. Organizations and their auditors should be aware of the updates and go through an exercise to actively incorporate these revised points of focus […]

A Startup’s First Steps to SOC Readiness
A Startup’s First Steps to SOC Readiness

A Startup’s First Steps to SOC Readiness

Early-stage companies have a lot to contend with, including funding, staffing, infrastructure, product development, and marketing, which can create a chaotic environment. Those that collect personal identifiable information or health information as part of their business model also must add earning their SOC (System and Organization Control) certification to the list. The SOC Report has […]

SOC Report: Why are our Sales & Marketing Teams Insisting we have one?

SOC Report: Why are our Sales & Marketing Teams Insisting we have one?

Prospects may ask for a SOC report as a way to assess the controls and processes in place at an organization before doing business with them. Many organizations, particularly in regulated industries or those that handle sensitive information, are required to demonstrate compliance with relevant regulations and industry standards. A SOC report can be an […]

SOC 2 Meets Death Master File Certification Requirements
SOC 2 Meets Death Master File Certification Requirements

SOC 2 Meets Death Master File Certification Requirements

The System and Organization Controls (SOC) framework may be mapped to achieve requirements of the National Technical Information Service’s (NTIS) Limited Access Death Master File (LADMF) certification. When choosing SOC 2 to achieve your LADMF certification, businesses may also benefit from the marketing value of their SOC 2 attestation, which demonstrates your commitment to access […]

SOC Report Approach & Timeline

SOC Report Approach & Timeline

This report highlights the approach, responsibilities and timeline for a three phase System and Organization Controls, SOC 2 Report.  AAFCPAs has provided this resource in an effort to help management of service organizations better understand SOC examinations and how to prepare for a SOC 2 engagement.

Which SOC Report is Right for Your Organization

Which SOC Report is Right for Your Organization

This infographic provides a brief overview of the main differences between SOC 1, SOC 2, and SOC 3 reports. These insights will help ensure you are providing your management, customers, and prospective customers with the optimal levels of attestation without paying for more than you need to.

AAFCPAs to Lead System and Organization Controls (SOC) Reporting Forum for PrimeGlobal, National CPA Firm Association

AAFCPAs to Lead System and Organization Controls (SOC) Reporting Forum for PrimeGlobal, National CPA Firm Association

AAFCPAs’ James Jumes, MBA, M. Ed has been selected to lead the North American System and Organization Controls (SOC) Reporting Special Interest Group (SIG) for PrimeGlobal, an international association of independent accounting firms. James is uniquely qualified to lead this national SIG, which will serve as a forum for peers to share their interpretations and implementations of […]

AAFCPAs Earns SOC for Cybersecurity Services Certificate
Trust and Confidence are strategically critical

AAFCPAs Earns SOC for Cybersecurity Services Certificate

AAFCPAs’ Partners James Jumes, MBA, M.Ed. and Robin Kelley, CPA, CITP, CGMA, CSPM, CCSFP have earned the System and Organization Controls (SOC) for Cybersecurity Certificate issued by The Association of International Certified Professional Accountants (AICPA). SOC for Cybersecurity is a new entity-wide cybersecurity audit that allows organizations to voluntarily report on their cybersecurity management programs […]