Compass IT Compliance SOC Reporting Services provides System & Organization Controls (SOC) audit and attestation reporting for service organizations. The service is delivered in partnership with the Compass Assurance Team, a fully licensed and accredited CPA firm recognized by the AICPA. SOC Report Types Offered: - SOC 1: Evaluates internal controls relevant to a client's financial reporting; intended for client auditors and management. - SOC 2: Examines data controls across the 5 Trust Services Criteria (TSC) — Security, Availability, Processing Integrity, Confidentiality, and Privacy; intended for auditors and shareholders. - SOC 3: A public-facing version of SOC 2 that excludes confidential details, suitable for broader distribution. Report Formats: - Type 1: Point-in-time assessment of the design and suitability of controls. - Type 2: Assessment of operating effectiveness of controls over a period of no less than 6 months. The process covers readiness assessment, Trust Services Criteria selection, controls evaluation, and final reporting through the independent CPA firm. The goal is to produce an unqualified opinion in the final SOC report. Industries Served: SaaS vendors, cloud service providers, MSPs, data centers, supply chain companies, loan servicers, payroll processors, employee benefits and retirement plan operators, registered investment advisors, trust departments, healthcare organizations, FinTech companies, VC firms, financial services, retail, higher education, hospitality, nonprofits, and manufacturing.