Baker Tilly
Contact us
typing a soc compliance report on computer

System & Organization Controls (SOC) Reporting

Baker Tilly’s dedicated AICPA SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

System & Organization Controls (SOC) Reporting

  1. Article
    soc readiness faq

    SOC readiness FAQ: Examining the basics and complexities

  2. Webinar
    soc readiness prepare for soc examination

    SOC readiness: What it takes to prepare for a SOC examination

  3. Webinar
    due diligence with a SOC 2 examination

    How to bolster vendor due diligence with a SOC 2

  4. Article
    common challenges key considerations SOC report

    Common challenges and key considerations when using or reviewing a SOC report

  5. Article
    Business meeting at conference table with professionals walking by

    SOC FAQ

  6. Article
    Colleagues walk down the stairs in discussion

    What's changed with SOC 2?

  7. Webinar
    Closeup of circuitry on computer

    Top cyber trends and emerging risks in the insurance industry

  8. Resource
    hands working on report

    Which SOC report is right for your organization?

  9. Article
    Men shake hands in a corporate office building

    Importance of obtaining a SOC 2 for your customers

  10. Webinar
    Cybersecurity data screen

    Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment

  11. Webinar
    SOC lessons learned

    SOC: lessons learned from a year of remote engagements

  12. Webinar
    Team meeting analyzing data

    SOC 2 for startups: what you need to know to be prepared for a SOC 2 audit

  13. Article
    Lights reflecting on building exterior

    Lessor issues: implementing the new leases accounting standard

  14. Webinar
    Leveraging SOC 2® reports to meet stakeholder expectations

    Leveraging SOC 2® reports to meet stakeholder expectations

  15. Multimedia
    Vascular Solutions testimonial

    System and Organization Controls (SOC) overview

  16. Article
    Stack of white papers

    AICPA proposes guidance for new System and Organization Controls (SOC) Supply Chain report

  17. Webinar
    Bundle of fiber optic wiring

    Transitioning between System and Organization Control (SOC) reports

  18. Webinar
    lighthouse at the end of a dock at night with water

    Preparing for SOC 2® changes: lessons learned from applying the new Trust Services Criteria

  19. Case Study
    Tall electrical tower

    System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

  20. Article
    View of a computer server room

    GDPR quick assessment questionnaire: assess your GDPR data footprint

  21. In the News

    Auditors plan deeper dives into outsource provider reports

  22. Webinar
    Man works remotely with phone, reports and computer

    System and Organization Controls (SOC): latest SOC 2® guidance updates and impacts for issuers and recipients

  23. Article
    Ethernet cables

    System and Organization Controls (SOC): 20 questions with Baker Tilly

  24. Webinar
    View of a computer server room

    System and Organization Controls (SOC) webinar and insights series

  25. Article
    Woman reviews business plan on computer

    AICPA releases new guidance on System and Organization Controls (SOC) 2® Trust Services Criteria and Description Criteria

  26. Article
    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

  27. Webinar
    Man working at a computer from home

    SOC update: Lessons learned from the first year of SSAE18 and SOC for Cybersecurity

  28. Article
    Strategy session resources

    System and Organization Controls (SOC): a guide to transitioning to the new Trust Services Criteria

  29. Article
    Five person meeting

    Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

  30. Webinar
    Architecture details, glass windows

    System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

  31. Article
    Opening between buildings

    HITRUST CSF™ Version 9: updates and impacts for certification

  32. Article
    Strategic planning meeting members brainstorm with a clear whiteboard

    Developing and implementing an effective breach response plan

  33. Article
    technology, digital, lights

    Monitoring and verifying cybersecurity controls effectiveness

  34. Whitepaper
    Looking up at buildings in city

    ASC 606 Revenue Recognition e-book

  35. Article
    The test for goodwill impairment gets easier

    The test for goodwill impairment gets easier

  36. Article
    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

  37. Article
    string of lights

    Creating a sustainable cybersecurity management program

  38. Webinar
    ICFR for Revenue Recognition

    ICFR for Revenue Recognition

  39. Webinar
    abstract blue lights, dots

    ASC 606: Transition methods and effective dates

  40. Webinar
    Leases: How will it impact you?

    Leases: How will it impact you?

  41. Article
    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

  42. Article
    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

  43. Article
    ASC 606, new revenue recognition standard, may impact broker-dealers

    ASC 606, new revenue recognition standard, may impact broker-dealers

  44. Article
    The ASC 606 transition: Allocating the transaction price to separate performance obligations

    The ASC 606 transition: Allocating the transaction price to separate performance obligations

  45. Webinar
    Equipment leasing – Strategies, best practices, and new leasing standards

    Equipment leasing – Strategies, best practices, and new leasing standards

  46. Article
    The ASC 606 transition: Determining the transaction price

    The ASC 606 transition: Determining the transaction price

  47. Article

    OCC standards require strict oversight of third-party relationships

  48. Article
    architecture, blue support beams

    Cybersecurity management: implementing cybersecurity controls

  49. Case Study

    Credit union relies on risk and internal audit expertise

  50. Article
    Looking up at buildings in a city

    AICPA changes to SOC 2: what service organizations need to know

  51. Article
    Lights speeding by with city buildings in the distance

    Cybersecurity management: data classification demystified

  52. Article
    Transitioning to the 2013 COSO Framework

    Transitioning to the 2013 COSO Framework

  53. Article
    Lights speeding by with city buildings in the distance

    New Jersey law mandating health insurance data encryption may have broader implications

  54. Case Study
    consultant reviews financial data on mobile devices

    SOC 2 report helps international printing company drive millions in sales

  55. Article
    Drone flies within city limits

    New NIST Cybersecurity Framework

  56. Article
    consultant reviews financial data on mobile devices

    Changes to the Trust Services Principles that Impact SOC 2

  57. Article
    Professionals walk and talk in transit to the next business meeting

    SOC reporting: what service organizations need to know

  1. Jeff Krull

    Jeff Krull

    CPA, CISA, CITP

    Principal

  2. Emily Di Nardo

    Emily Di Nardo

    CPA, CITP, HITRUST CHQP

    Principal

  3. Garrett Gosh

    Garrett Gosh

    CPA, CITP

    Principal

  4. Brian Nichols

    Brian Nichols

    CISSP, CIPP/US

    Principal

  5. Andrew McCauley

    Andrew McCauley

    CPA, CISA

    Principal

  6. Greg Reda

    Gregory Reda

    Principal

  7. Bosco Yuen

    Bosco Yuen

    CPA, CISSP, CISA, CIA, CSX, CCSA, PMP

    Principal

Baker Tilly’s dedicated SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

SOC reporting was developed by the AICPA as a valuable tool for organizations to demonstrate to their customers and other key stakeholders their controls are working.

Which SOC report is right for your organization?

Connect with usarrowCreated with Sketch.

With several reporting options available, it is important to identify which SOC report is right for your organization. Reporting options include the SOC 1®, SOC 2®, SOC 3®, SOC for Cybersecurity and SOC for Supply Chain.

Four steps to a SOC exam

Step 1: Understand what the end-user entities needs included in the scope of the report
Step 2: Understand what is included in the system description 
Step 3: Start your readiness assessment
Step 4: Remediate control or documentation deficiencies before the examination period begins

Find out more about what SOC is and how an organization and its customers can benefit from the reports.

Watch this video

How long does it take to perform a SOC examination?

For organizations undertaking their first SOC examination, we strongly recommend performing a SOC readiness assessment with a qualified advisor prior to starting the examination period to help position the organization for a successful examination. The time frame can vary, but typically it takes 9-14 months from the time an organization starts the readiness assessment process, through an audit period, and ultimately to having a SOC report they can provide their customers.

The flexibility you need

Baker Tilly's SOC practice uses a variety of technology tools to streamline our service delivery model and make sharing documents and requests seamless. These tools can also make it easy for our SOC clients to work remotely and share documents and evidence needed as part of the SOC process with us. Our personnel are well versed in methods for facilitating video conferences, teleconference calls and live, online document-sharing sessions to perform SOC readiness and SOC examination services as efficiently (if not more than) if we were live on-site.

In many cases, remote SOC project services can deliver the same quality service while minimizing travel expenses and space constraints that can accompany on-site work. We also work on-site with our clients when it is more productive and beneficial.  If you are considering Baker Tilly for your SOC needs, let’s discuss these options together and how they could apply in your environment. If you already use Baker Tilly for your SOC needs, please talk with your engagement team about leveraging these tools to make the SOC process as efficient and effective as possible.

Connect with usarrowCreated with Sketch.
Your team was fantastic to work with again this year. I compliment the amazing team you have and am looking forward to next year!
Senior Vice President/Chief Technology Risk Officer of a large financial institution
Article
What's changed with SOC 2?

What's changed with SOC 2?

Article
Five person meeting

Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

Webinar
Bundle of fiber optic wiring

Transitioning between System and Organization Control (SOC) reports

Article
SOC reporting: what service organizations need to know

SOC reporting: what service organizations need to know

Article
Ethernet cables

System and Organization Controls (SOC): 20 questions with Baker Tilly

Case Study
Tall electrical tower

System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

© 2024 Baker Tilly US, LLP