Service Organization Controls Reporting (SOCR)
EY offers services for independent assessment and attestation of the system of internal controls by leading attestation and reporting standards such as SOC 1, SOC 2, SOC 3, ISAE 3000 and ISAE 3402. Service organization control reporting (SOCR) brings value to an organization that provides services, and to its customers who want to be sure that their supplier's control environment meets the requirements of these internationally recognized standards.
The team
What EY can do for you
EY is a global SOCR leader, issuing more than 3,000 SOC reports to more than 900 clients each year. We have been helping our clients understand the value and benefits associated with high-quality SOC examinations since 1993. We are also leaders in the technology, financial services and healthcare sectors. We audited almost half of the largest global technology companies and one third of the Russell 3000 health companies, and we worked with nearly all the top 25 global asset managers.
We bring all this experience to help companies address an ever-more complex and fast-changing environment. Customers and regulators are looking for more assurance in areas such as privacy and security, and they expect management to be able to provide answers.
In their turn, management are recognizing an increased dependence on suppliers and partners, and want assurance that these organizations are managing their risks and will continue to be reliable suppliers in the future.
All of this is creating increased demand for independent assurance from companies throughout the supply chain. SOCR helps companies build that trust with their partners by providing an independent opinion on the extent to which their controls are designed to address key risks and allow them to operate effectively.
The benefits of providing independent assurance include:
- Building trust with existing customers
- Demonstrating the quality of controls as part of bidding for new contracts – including building credibility where start-ups are looking to win contracts with larger entities
- Undergoing one audit rather than multiple customer audits
- Focusing on key controls, with the opportunity to challenge other control activities
What we do
We provide control attestation services to our clients, using several generally recognized reporting systems and control frameworks:
Why EY?
Our team has huge experience in the implementation of various reporting projects on the controls of service organizations, including the release of SOC 1, SOC 2 and ISAE 3000 reporting for SWIFT CSP, as well as the implementation and testing of SOX controls and ETSI EN 319 controls. The Ukrainian team performed more than 10 such projects over the past 5 years for leading local and international companies in their field (for example, for leaders of the Ukrainian IT market and leading international companies in the financial and telecommunications sectors).
Other technology risk services
Contact us
Like what you’ve seen? Get in touch to learn more.