Amarillo 806-371-7661
Pampa 806-665-8429
Hereford 806-364-4686
Write Us a Review

A check on tech: The rise of SOC reporting

E-BOOK | May 24, 2023

Authored by RSM US LLP

Is your organization receiving more and more requests for Systems and Organizational Controls (SOC) reports? Our growing dependence on technology, automation and outsourced service providers, combined with cyberthreats, supply chain issues, governance and data privacy, all mean your business will increasingly need to prove you have the controls in place to reduce digital risk.

Conducting thorough SOC reporting can allow you to proactively address these requests, paving the way for new partnerships and growth. But first, you need to understand what SOC reporting is, how it works and what to ask of third-party providers before you sign a contract.


of respondents dealt with phishing attacks.


Account compromise attacks nearly doubled in 2022 compared to 2020

2022 Statista survey

What are SOC reports?

Although not yet required by law, both private and public entities are frequently interested in the behind-the-scenes details a SOC report provides. SOC reports, designed by the American Institute of CPAs (AICPA), provide transparency and insight into how companies operate and maintain their control environment. Validated by a third-party, SOC reports evaluate the infrastructure, software, people, procedures and data controls a company has in place.

Benefits of SOC reporting

Companies that outsource key business or technology processes are inundated with requests from customers, regulators and stakeholders about how vendors and service providers are managing risks. They spend massive amounts of time and resources responding to these questionnaires and associated audits. SOC reports can reduce or eliminate the time spent answering customer questionnaires about security and controls. They also can alleviate the stress of audits performed by customers, regulators and third parties.

The SOC reporting process

  • Phase 1: Readiness
  • Phase 2: Remediation
  • Phase 3: Attestation and SOC report

Understand why your business needs SOC reports, explore what the SOC reporting process looks like and arm yourself with six key questions to ask third-party SOC report providers in this e-book.

The global cybersecurity insurance market, which was $7.6 billion in 2021, will grow from $11.9 billion in 2022 to $29.2 billion by 2027.

2022 ReportLinker study

Let's Talk!

Contact us at one of our locations or fill out the form below and we'll contact you to discuss your specific situation.

  • Should be Empty:
  • Topic Name:

This article was written by RSM US LLP and originally appeared on May 24, 2023.
2022 RSM US LLP. All rights reserved.

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

Johnson & Sheldon, PLLC is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.

For more information on how ​Johnson & Sheldon, PLLC can assist you, please contact us: Amarillo | Pampa | Hereford