Third party assurance – SOC 1, SOC 2 & ISAE 3402

Many companies are choosing to engage specialist third parties to provide services on an outsourced basis using skills or solutions that they do not have in-house.

There is a heightened focus on the need for effective oversight of the risks associated with outsourcing and our third-party assurance service line is designed to provide companies with such assurance.

Companies that specialise in managing outsourced processes are generally required to provide assurance to their clients in the form of a third-party assurance certification such as SOC 1, ISAE 3402 or SOC 2. Such assurance is often required in order to attract new customers or retain existing clients.

Mazars provide a full suite of third party assurance services to clients across the following third-party assurance standards:

SOC 1 and ISAE 3402

An assurance report that focuses on a service organization’s system of internal controls that are relevant to the internal controls over financial reporting

SOC 2 (and SOC 2+)

An assurance report that focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system

SOC for Cybersecurity

An assurance report that focuses on an organisations' enterprise-wide cybersecurity risk management program.

Agreed Upon Procedures (AUP)

An audit on a specific test or business process

In relation to these standards we provide:

  • Planning services: assistance with scoping and preparing the documentation required for a third-party assurance audit
  • Readiness assessment: performance of testing to identify gaps between existing controls and those required to obtain an unqualified audit report.
  • Audit services: performance of a SOC 1, SOC 2, ISAE 3402, SOC for Cyber or AUP audit 

Got a question? Just get in touch

Join our mailing list

We have insights into developments that affect your business. We can provide you with unique perspectives and thoughtful solutions so you can meet new challenges and seize opportunities. Subscribe here

Risk consulting news