From global corporates and government departments, to private businesses and indeed service providers themselves, many organisations today face pressure to provide greater transparency regarding their operations. The potential reputational risks arising from not doing so, both for service providers themselves but also their customers, can be significant.
A Service Organisation Controls (SOC) report provides an independent view focusing on a business’s non-financial reporting controls relevant to the Trust Services Principles (TSP). The scope of a report can include those principles relevant to the subject matter of the report, but must include all criteria within each selected Trust Principle. This therefore provides a consistent and internationally recognised framework to assess the effectiveness of an entity’s operational and compliance controls.
"The newly revised AICPA trust services criteria now go further to meet stakeholders needs. Structural revisions have been made to align with COSO's principles of internal control, and criteria added to address cyber security risks. We’re currently examining the updated framework to understand the impact on SOC 2 reporting going forward.”
For customers of service providers
For service providers
Partner, Assurance, PwC United Kingdom
Tel: +44 (0)7483 378386
Director, Stakeholder Assurance, PwC United Kingdom
Tel: +44 (0)7841 566415