SOC reports: Proving security, building trust

INFOGRAPHIC | February 06, 2023 | Authored by RSM US LLP

The reality in today’s business environment is that the threat of a data breach is high, and no business wants the stress and expense of managing a cyberattack. Smart companies are proactively prioritizing protective systems that shield their enterprise IT. The first step many of them are taking is a readiness review called a Service and Organization Control (SOC) report.

These independent audits help a business understand and manage their risks—and measure trust through key areas of their data’s lifecycle. This infographic explains the three types of SOC reports and how they measure whether data:

  • is secure, confidential and private throughout its lifecycle—including during creation, collection, processing, transmission and storage
  • is available
  • has process integrity

Explore which type of SOC report is best for your business and the ROI an audit can deliver—including additional process transparency, cybersecurity premium cost savings and increased customer trust.

According to IBM’s “Cost of a Data Breach” report:1

In 2022, the average cost of a data breach in the U.S. topped $9.44 million


of organizations suffered more than one breach in 12 months


of breaches were cloud-based


of breaches occurred because of a compromise at a business partner

To better manage risks, businesses want vendors and service providers to verify the strength of their internal controls, driving a surge in demand for the independent audits known as Service Organization Controls (SOC) reports.

The Association of International Certified Professional Accountants survey found that:2

Between 2018 and 2020:


Demand for SOC 2 audits grew


SOC 1 exams—already strong—rose


SOC 2 readiness assessments rose


SOC 1 readiness assessments climbed

Which SOC report fits?

There are three SOC reports most leveraged in the market today. Which type do you need?

If you need to…

Process transactions or manage an outsourced function that impacts your customers’ financial statements

You’ll need…


SOC 1

Provides transparency into internal controls over financial reporting

If you…

Are responsible for systems that manage, hold, or process client data

Serve, or want to attract, large organizations

Operate in a highly regulated environment

You’ll need…


SOC 2

Centralizes the testing of an organization’s security environment for external parties

If you…

Want to share results publicly in marketing material or on your website

You’ll need…


SOC 3

Provides attestation of controls that can be shared publicly

Attesting to trust with SOC 2

SOC 2 reports leverage a framework of five trust services categories:


Security

Controls relate to protecting data from unauthorized access/disclosure and other cybersecurity-related risks during the collection or creation, processing, transmission, and storage of data.


Availability

These controls ensure systems are reliable and available to clients, employees, and customers when they need them.

Processing integrity

These standards relate to system processing, specifically if your system works properly and provides timely, accurate data.


Confidentiality

These controls and standards govern how confidential information is managed, including creation through its final disposition/removal and classification and protection by limiting access, storage, and use.


Privacy

Control activities for how personal information is collected, used, retained, disclosed, and disposed of based on the entity’s objectives.

The ROI of SOC

SOC audits offer a broad view into the mechanics of an organization that can inform strategic planning and spur growth. Top benefits of SOC reporting include:

Satisfy customer demand

Validates the safety of customer data from unauthorized access and theft

Cost effectiveness

Can reduce security breaches, minimize efforts related to annual security due diligence, and lower cybersecurity insurance premiums

Competitive advantage

Provides an edge in winning bigger customers by sharing verification upfront

Visibility and transparency

Yields valuable insights about:

  • Organizational risk and security posture
  • Vendor management processes
  • Internal controls governance

Validating systems and controls

To gain a competitive advantage and build trust with current and future clients, SOC reports can begin your journey to validate your systems and controls. You will also want to work with an experienced firm that can direct the entire process and offer strategic insights along the way.

Learn more about SOC reports in RSM’s whitepaper, “Effective SOC reporting: Understanding your company’s options” or visit our Service Organization Controls solutions web page.

1. IBM, “Cost of a data breach 2022”
2. Association of International Certified Professional Accountants, “SOC Survey,” 2022

This article was written by RSM US LLP and originally appeared on Feb 06, 2023.
2022 RSM US LLP. All rights reserved.
