Assessing effectiveness, building your customers’ trust
Organizations face a growing list of risks that can result in negative financial performance, reputational damage and loss of customer or client trust. Our risk professionals assist organizations in assessing needs and developing solutions to satisfy the full range of compliance and reporting mandates, including System and Organization Controls (SOC) reports and other assurance services.

We use a “test once, apply many” approach and our leading-edge SOC services automation product — SOC.x — to drive efficiencies and enhance an organization’s compliance process. We can help you determine which attestation reports and/or certifications meet your needs, and we can design a customized process to help you benchmark and compare internal controls against industry best practices.
SOC 1 Icon plus black
SOC 1 report meets the needs of user entities and their financial statement auditors. Service organizations may need to provide SOC 1 reports to their user entities. The SOC 1 report helps evaluate the impact of the design and operating effectiveness of the service organization’s controls on the user entities’ financial statements.
SOC 2, SOC 2+, SOC 3 Icon envelope black
SOC 2 Provides reasonable assurance that the service organization’s service commitments and system requirements were achieved based on the trust services criteria relevant to security, availability and processing integrity of the systems used to process its users’ data, and its confidentiality and privacy of the data.

SOC 2+ Addresses the relevant SOC 2 trust service criteria “+” additional criteria that may include HIPAA, HITRUST, NIST, ISO, Sheltered Harbor, CSA Star or other specified subject matter.

SOC 3 Meets the needs of users similar to a SOC 2 report, but without the details of the criteria, controls, tests and results of testing. This general use report can be freely distributed.
SOC for Supply Chain Icon envelope black
SOC for Supply Chain report is related to an entity's system and controls for producing, manufacturing or distributing goods. Organizations can use the reporting framework to communicate to stakeholders relevant information about their supply chain risk management efforts and the processes and controls they have in place to detect, prevent and respond to supply chain risks.
SOC for Cyber Icon plus black
SOC for Cybersecurity report enables companies to demonstrate and communicate due diligence and due care in their management of cybersecurity risk. The cybersecurity risk management reporting framework, developed by the AICPA, provides a report through which organizations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program.
HITRUST Icon plus black
HITRUST has developed a standard report that provides a consistent representation of risk exposure, compliance posture and corrective actions that allow for benchmarking of results against security practices at similar organizations in the industry. Grant Thornton is approved by HITRUST as an external assessor.
Other attest services Icon plus black
All performed under the AICPA attestation standards:

General examinations – The practitioner’s objective is to obtain reasonable assurance that the subject matter is measured or evaluated against the criteria in all material respects.

Agreed-upon procedures – The practitioner is engaged to issue a report of findings based on specific agreed-upon procedures applied to subject matter for use by specified parties.

Compliance examinations – The objective is to examine an organization’s compliance with requirements of specified laws, regulations, rules, contracts or specified requirements or management’s assertion about compliance with the specified requirements (e.g., Regulation AB, USAP). The engagement may also be performed to assess an entity’s internal control over compliance with specified requirements.
7th label Icon plus black
With COVID-19 impacting day-to-day business activities, pharmaceutical companies have rapidly shifted focus from selling existing products to finding a cure for or therapies to treat the virus, while medical device companies are applying innovation to address shortages. The CARES Act makes it critical to address key supply chain provisions in time to strengthen your position while helping to save lives and return communities to health.

8th label Icon plus black
Even as manufacturers manage disruptions to their business and anticipate financial and operational implications, the industry is keenly focused on producing the crucial products needed to overcome COVID-19 challenges.

9th label Icon plus black
Given the myriad of issues facing nonprofit organizations that are being asked to do even more with less, leadership is challenged in considering the full impact of COVID-19.

10th label Icon plus black
The COVID-19 environment has created unprecedented economic times for all of real estate. The impact of what is happening today will change the course of your company three to six months from now and beyond. Assessing the immediate and long-term impacts now will pay off as you align your company strategy to the new normal.

11th label Icon plus black
Technology is stepping up to the challenge in the COVID-19 era. Remote working arrangements and social distancing have placed an even greater reliance on the use of technology to operate. Worker remote connectivity, increased use of online transactions and other essential activities are driven by capabilities in software, hardware and networking.  

Readiness assessmentsIcon plus black
Readiness assessments – Performed under the AICPA consulting standards, readiness assessments help prepare organizations for compliance with attestations and certifications. Readiness assessments can be performed for SOC reports, HITRUST, HIPAA, ISO, CMMC, General Examinations, NIST 800-171, FedRamp and other IT frameworks.
Ready to embark on the road to modernization?
Get prepared to build your modern enterprise. Today’s organizations must act with agility and purpose in order to adopt growth strategies that will lead to critical transformation. Subscribe to receive our latest newsletters, business analysis, research, insights and event updates on today’s critical business issues including:
  • Regulatory compliance
  • Risk management
  • M&A transactions
  • Cyber strategy
  • Privacy and data protection
  • Technology strategy and digital transformation
  • Performance improvement
  • Supply chain management
  • Corporate compliance
  • Litigation and dispute resolution
  • Financial planning

Work where how you work matters. Explore careers at Grant Thornton.
cross promo banners cross promo banners

Assurance and SOC leadership