SOC reports offer a confirmation of services provided by a service organization including information that users need to assess and address the risks associated with an outsourced service. They are designed to help Information Technology service organizations build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.
What are SOC 1, SOC 2 and SOC 3 Reports?
Expedient Data Centers publishes multiple SOC reports annually:
- SOC 1 Report (Type II)
Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (SSAE-16) – This report is used by customers undergoing financial statement audits and those who require compliance with the Sarbanes-Oxley Act or similar regulation. It reports on the effectiveness of controls in achieving stated objectives throughout a specified period and was formerly known as SAS 70. Receipt of this report requires execution of a mutual non-disclosure agreement and is available from an account manager.
- SOC 2 Report (Type II)
Report on Controls at a Service Organization Relevant to Security, Availability and Confidentiality – This report is used by customers who require confidence in the critical business processes and procedures to complement compliance with the Health Information Portability and Accountability Act (HIPAA), Payment Card Industry Digital Security Standard (PCI-DSS), and other industry or government regulations with relevant requirements. Receipt of this report requires execution of a mutual non-disclosure agreement and is available from an account manager.
- SOC 3 Report
Trust Service Report for Organizations – This report is used by prospective and current customers as a general overview of controls related to certain processes and procedures. Receipt of this report requires acceptance of our terms and conditions and is available for download.
Expedient SOC reports use the National Institute of Standards and Technology (NIST) Special Publications control framework, including NIST SP 800-53. More information about SOC reporting is available from the American Institute of Certified Public Accountants (AICPA).