Defining a Service Organization

Providing assurance for clients (users) of Service Organizations is the basis of all SOC Reports. Service Organizations are just outsourcing providers of functions that have traditionally been performed and audited within the client (user) organization.

Are you a Service Organization?

Example Service Organizations
Organization Type Typical Outsourced Service Provided
Sources: AICPA Information for Management of a Service Organization page 3
AICPA Guide 2012: Reporting on Controls at a Service Organization section 1.01 (paywall)
Cloud Computing Providing Infrastructure, Platform or Software As A Service
Managed Security Also known as Security as a Service (SecAAS), providing outsourced access and security control.
Finance Transaction Services Providing back office functions for banks, fund managers, brokers and similar.
Customer Support Providing online or phone help for IT or physical products post-sales
Sales Force Automation & CRM Providing automation and data management for all processing associated with a sales force or customer database.
Enterprise IT Outsourcing Operating and maintaining outsourced data centres, infrastructure, apps and supporting functions.
Health Care Claims Management Providing outsourced medical record and health insurance processing systems