A SOC 1 report meets the needs of user entities and their financial statement auditors. Service organizations may need to provide SOC 1 reports to their user entities. The SOC 1 report helps evaluate the impact of the design and operating effectiveness of the service organization’s controls on the user entities’ financial statements.
SOC 2, SOC 2+, SOC 3
SOC 2 – Provides reasonable assurance that the service organization’s service commitments and system requirements were achieved based on the trust services criteria relevant to the security, availability and processing integrity of the systems used to process its users’ data, and to the confidentiality and privacy of that data.
SOC 2+ – Addresses the relevant SOC 2 trust services criteria “+” additional criteria that may include HIPAA, HITRUST, NIST, ISO, Sheltered Harbor, CSA STAR or other specified subject matter.
SOC 3 – Meets the needs of users similar to a SOC 2 report, but without the details of the criteria, controls, tests and results of testing. This general use report can be freely distributed.
SOC for Supply Chain
A SOC for Supply Chain report relates to an entity's system and controls for producing, manufacturing or distributing goods. Organizations can use the reporting framework to communicate to stakeholders relevant information about their supply chain risk management efforts and the processes and controls they have in place to detect, prevent and respond to supply chain risks.
SOC for Cyber
A SOC for Cybersecurity report enables companies to demonstrate and communicate due diligence and due care in their management of cybersecurity risk. The cybersecurity risk management reporting framework, developed by the AICPA, provides a report through which organizations can communicate relevant, useful information about the effectiveness of their cybersecurity risk management program.
HITRUST has developed a standard report that provides a consistent representation of risk exposure, compliance posture and corrective actions that allow for benchmarking of results against security practices at similar organizations in the industry. Grant Thornton is approved by HITRUST as an external assessor.
Other attest services
All performed under the AICPA attestation standards:
General examinations – The practitioner’s objective is to obtain reasonable assurance that the subject matter is measured or evaluated against the criteria in all material respects.
Agreed-upon procedures – The practitioner is engaged to issue a report of findings based on specific agreed-upon procedures applied to subject matter for use by specified parties.
Compliance examinations – The objective is to examine an organization’s compliance with requirements of specified laws, regulations, rules, contracts or specified requirements or management’s assertion about compliance with the specified requirements (e.g., Regulation AB, USAP). The engagement may also be performed to assess an entity’s internal control over compliance with specified requirements.
Readiness assessments – Performed under the AICPA consulting standards, readiness assessments help prepare organizations for compliance with attestations and certifications. Readiness assessments can be performed for SOC reports, HITRUST, HIPAA, ISO, CMMC, General Examinations, NIST 800-171, FedRAMP and other IT frameworks.