• Service: Advisory, IT Advisory, ERP Controls Integration, Business Systems Controls, IT Security Services, Security, Privacy and Continuity, IT Attestation, including SAS 70 Offerings, IT Project Advisory, Outsourcing Risk Management, IT Audit Co/Outsourcing, IT Strategy & Governance, Governance & Performance, IT Sourcing
  • Industry: Financial Services, Banking
  • Type: KPMG information, White paper
  • Date: 2/28/2013


Michael Hofmann


Tel. +352 22 51 51 7925


Estefania Rizzo


Tel. +352 22 51 51 7912

Reporting on Controls at Service Organizations 

Organisations are increasingly outsourcing systems, business processes and data processing to service providers in an effort to focus on core competencies, reduce costs, and more quickly deploy new application functionality.


With the retirement of the SAS 70 report in 2011, a new breed of Service Organisation Control (SOC) reports has been developed which more clearly address the specific assurance needs of the users of outsourced services.


This paper provides user organisations (customers) and service providers an overview of SOC 1 (ISAE 3402)  and SOC2/SOC3. It also provides a guidance for effectively using these reports for increased assurance over outsourced services and controls.

Download Now
PDF files require Adobe Reader to view



Share this

Get in touch with KPMG