SOC Reporting Services

System and Organization Controls (SOC) reports are independent assessments of your company’s internal controls. As current and prospective customers increase their awareness of the risks posed in service delivery, Boulay is your partner to ensure your business meets the compliance standards necessary to compete for and retain customers asking for SOC assurance.

SOC 1 reports evaluate your organization’s internal controls over financial reporting. Required for service organizations whose operations may impact the financial statements of their user entities, such as:

  • Payroll
  • Insurance and claims processors
  • Financial services and payment processors
  • Loan servicing companies

SOC 2 reports evaluate your organization’s internal controls over security, availability, processing integrity, confidentiality and/or privacy. Required for service organizations who store or process client information, such as:

  • Software-as-a-Service (SaaS) organizations
  • Cloud data storage providers
  • Marketing agencies
  • IT services
  • Companies that need a SOC 1 report

SOC 3 reports are redacted / simplified SOC 2 reports that can be made public and used for advertising.

SOC for Cybersecurity is a report on your company’s cybersecurity risk management program and the effectiveness of controls within that program.

SOC for Supply Chain is a report on your company’s production, manufacturing, or distribution system and the effectiveness of controls that achieve the system objectives.

Boulay has a strong team of experienced professionals who are ready to help you with your SOC compliance requirements. Contact one of our experienced professionals for a free consultation.


Contact our Risk Advisory Experts

Let our team provide expert guidance and solutions to assist with your technology risks.

Contact Boulay Today!