SOC 1, 2, and 3 Reports
RFG provides services to assist firms with preparation of SOC audits or Engagement to receive a report for SOC 1, 2, and 3.
Background:
SOC 1 Reports: RFG conducts SOC 1 reports in accordance with Statement on Standards for Attestation Engagements (SSAE), which is the American Institute of Certified Public Accountants (AICPA) professional standards for issuing SOC 1 reports. Reporting on controls relevant to internal control over financial reporting (ICFR) may take the following types:
SOC 1 Type : Type 1 reports are designed to focus on management’s description of and organization’s system, as well as how controls are designed, to achieve the control objectives on a specific date.
SOC 1 Type 2A Type 2 report identifies if the organization’s internal controls are designed and operating effectively. For organizations that are interested in a historical review period of their organization’s environment, a Type 2 report which focuses on management’s description of the organization’s system, and the controls designed to achieve control objects over a period of time may be a more appropriate option.
SOC 2 Reports: Businesses heavily involved in information technology, such as data center SaaS vendors, may be required to obtain a SOC 2 reports. RFG performs procedures to successfully complete procedures to conclude and provide a SOC 2 reports in accordance with the AICPA AT Section 101, utilizing the accompanying Trust Services Principles (TSP) and related Common Criteria. SOC 2 are for restricted or intended use only and as such, not for general purpose reporting.
SOC 3 Reports: SOC 3 reports are similar to a SOC 2 with the exception of the intended user of the report. SOC 3 are general purposes reports on a firm’s controls relevant to security, availability, processing integrity, confidentiality, and privacy in accordance with general Trust Service Principles.