This is a guest post that was written by April Arruda, CPA from DiSanto, Priest, & Co. in Warwick, RI. DiSanto, Priest, & Co. is a professional advisory firm that has been in business for over 50 years providing a range of services to their clients. These services include Accounting and Assurance, Tax Planning and Compliance, Management Consulting, and Business Advisory services. For more information, please visit the DiSanto, Priest, & Co. website at http://www.disantopriest.com or by calling them at (401) 921-2000.
Over the past year, we have written several blog posts about the types of Service Organization Controls (SOC) reports and how obtaining such a report can benefit you or your organization. Although we have covered topics explaining the contents of the reports, such as the differences between a Type I and Type II report and the Five Trust Services Principles specific to a SOC 2 or SOC 3 report, we have not yet discussed the process for creating a SOC report and the documentation that a service organization needs to have in place in order for an auditor to issue an opinion.