Defining a Service Organization
Providing assurance for clients (users) of Service Organizations is the basis of all SOC Reports. Service Organizations are just outsourcing providers of functions that have traditionally been performed and audited within the client (user) organization.
Are you a Service Organization?
|Organization Type||Typical Outsourced Service Provided|
|Sources: AICPA Information for Management of a Service Organization page 3
AICPA Guide 2012: Reporting on Controls at a Service Organization section 1.01 (paywall)
|Cloud Computing||Providing Infrastructure, Platform or Software As A Service|
|Managed Security||Also known as Security as a Service (SecAAS), providing outsourced access and security control.|
|Finance Transaction Services||Providing back office functions for banks, fund managers, brokers and similar.|
|Customer Support||Providing online or phone help for IT or physical products post-sales|
|Sales Force Automation & CRM||Providing automation and data management for all processing associated with a sales force or customer database.|
|Enterprise IT Outsourcing||Operating and maintaining outsourced data centres, infrastructure, apps and supporting functions.|
|Health Care Claims Management||Providing outsourced medical record and health insurance processing systems|