Service Organisation Controls

How do you know that your outsourced providers have adequate controls in place over the processes undertaken on your behalf? Conversely, how do your clients gain the comfort they need over the controls you operate on their behalf?

Organisations providing outsourced services to clients may need to consider the benefit of subjecting related processes and controls to a robust independent review of service organisation controls (SOC). A SOC report is the culmination of a detailed analysis of the internal management processes and controls that an organisation employs, based on either of the following standards:

  • SSAE 16 (Statement on Standards for Attestation Engagements – US standard); or
  • ISAE 3402 (International Standards for Assurance Engagements).

Offering an SSAE 16 / ISAE 3402 report to prospective or existing clients can set you apart from your competitors by demonstrating the seriousness with which you take internal control.

The benefits of using Mazars

Through our international operations, we are able to provide the certification you need using professionals highly experienced in delivering such assignments. We offer:

  • Guidance on how to adopt these standards;
  • The preparation of documentation for audit;
  • Dedicated client managers;
  • Consistent and experienced teams; and
  • Working practices which are flexed to your unique needs.


Related Content

Protecting Employees - Payroll

Robust continuity strategies are critical. In addition to business operations and sales, your business continuity plans should focus on protecting your employees.

Risk Management

Do you have the necessary systems in place to identify and manage threats to your business and maximise opportunities as they arise? Whether you are putting a risk management framework in place for regulatory reasons or to comply with best practice, the benefits of drawing upon our experience are manifold.


Sarbanes-Oxley (SOX) compliance

The provisions of the Sarbanes-Oxley Act of 2002 are now well established in the US. This Act has implications for almost everyone associated with US public companies, including related companies in Europe. The penalties for violation of sections of this Act include fines reaching into millions of dollars, and even imprisonment. In contrast to the ‘comply or explain’ approach of the Combined Code, Sarbanes-Oxley adopts a stricter ‘comply or else’ line.