Establish peace of mind for you and your business associates.

Show your customers that you follow best practices and that your—and their—information is safe and secure. The risk services specialists at Schenck can guide you.

Providing services such as claims processing, payroll, collections or cloud computing to another business means you’re handling their sensitive data and it must be secure. Having internal controls in place to manage financial and confidential data is critical—and they need to be operating effectively. As your business grows, a Service Organization Control (SOC) Report can help demonstrate reliability of your controls surrounding:

  • Financial reporting
  • Data security
  • Data availability
  • Processing integrity
  • Confidentiality
  • Privacy

The Risk Services team at Schenck reviews your internal controls, looking at business processes and established policies and procedures. We then provide implementation guidance for any areas lacking sufficient controls – advising you of potential improvements and best practices. After recommendations are in operation, we test to ensure effectiveness. At that point, we prepare an SOC Report that provides a description of controls used by your facility in providing services to your customers.

Which SOC report is right for you?

Our risk services specialists can help determine which report best fits your needs.

  • An SOC 1 Report is an evaluation of your internal controls over financial reporting for purposes of compliance with laws and regulations. It can be used by your external audit firm as well as internally within your organization.
  • An SOC 2 Report is for those who need to communicate the state of internal controls at a service organization as they relate to data security, availability, integrity, confidentiality or privacy. Depending on how the report is structured, it may be used internally or by other stakeholders such as customers, regulators, business partners and suppliers.
  • An SOC 3 Report is designed to accommodate users who want assurance similar to that provided in an SOC 2 Report, but do not have the need for the detailed and comprehensive SOC 2 Report. It can be used in your organization’s marketing efforts.