Service organization control

The SOC was developed by the American Institute of CPAs ( AICPA ). It defines the criteria for managing customer data based on five “trust principles”.

  • security
  • availability
  • confidentiality
  • processing integrity
  • privacy

Report SOC 1®

  • Submitting reports on inspections in the service organization
  • Relevant to the internal control of user entities 
  • Financial reporting

It corresponds to the needs of the user entities’ management. The auditors assess the effect of the service organization by checking the assertions of the entity’s accounting unit. These reports are an important part of user entities’ evaluation of their internal controls over financial reporting for compliance with laws and regulations and for the user entity’s auditors who plan and conduct financial audits.

Report SOC 2®

The SOC 2 Type 1 report is particularly useful for service companies because it can increase their competitive advantage. It provides potential customers with the assurance that the service organization has passed the audit process outlined above and that their data is secure when working with a company that is compatible with SOC 2.

As the number of cybercrime cases increases, there is a concomitant increase in customer demand for SOC 2 Type 1 reporting. Companies now want to work with vendors who can demonstrate that they can readily manage or handle sensitive data well. This report is now considered a necessity for companies that handle customer data, such as healthcare companies and financial institutions.

Generating a SOC 2 Type 1 report is also quick, once the service unit completes the readiness assessment. Clients usually look for this report when shopping for a third-party supplier, especially since the Type 2 SOC 2 report, can take up to a year to complete.

What’s more, the audit for this report is generally cheaper because auditors require minimal data to determine the service organization’s position in terms of compliance with regulations. Likewise, it is not necessary to involve staff or provide as much documentation as would be required when submitting a Type 2 report.

Service organizations should strive to adhere to SOC 2 Type 1, especially when attempting to form a partnership with larger companies that are particularly vigilant. There is a greater likelihood of larger companies working with service entities that have a SOC 2 Type 1 report prepared by a reputable auditor. To put it briefly, adhering to this audit procedure gives the service provider a competitive advantage.

Switch The Language

    SUSS Consulting s.r.o. has been operating on the market since 1997 and is an experienced consulting organization that offers a wide range of services to its customers. The main activity of the company is the implementation of quality systems and possible preparation of clients for certification according to international standards. We also deal with process mapping and subsequent – process analysis, in order to simplify processes, reduce costs and increase efficiency in companies.

    Company headquarters

    Vinohradská 939/39
    120 00 Prague 2


    tel.: +420 241 411 300
    fax: +420 241 410 678


    IČ: 251 33 781
    DIČ: CZ251 33 781

    Company is registered at the Municipal Court in Prague, Section C, Insert 52502.