Schulz Consulting

Consulting and Upgrades

  • Home
  • Services
  • Contact

SOC Audit Reports For Sage 100

May 5, 2023 by Wayne Schulz

SOC (System and Organization Controls) reports are standards established by the American Institute of Certified Public Accountants (AICPA) to evaluate the effectiveness of internal controls over the financial reporting of service organizations.

These reports help service organizations to demonstrate their commitment to security, availability, processing integrity, confidentiality, and privacy to their clients and other stakeholders. The report is intended for users who rely on the services provided by the service organization, such as customers, auditors, regulators, and other stakeholders.

Not all organizations require SOC reports, but they are particularly relevant for companies that provide services critical to their customers’ operations, especially those that handle sensitive or confidential data.

When Is SOC Reporting Required?

A SOC (System and Organization Controls) report may be required when a service organization provides services that are critical to its customers’ operations, particularly when those services involve the handling of sensitive or confidential data.

Such services include data hosting, cloud computing, payroll processing, and healthcare claims processing. In many cases, the service organization’s customers may request a SOC report to assure that the organization has appropriate controls to protect their data’s security, availability, processing integrity, confidentiality, and privacy.

Additionally, regulatory requirements or contractual obligations may also require a SOC report. Ultimately, the decision to obtain a SOC report will depend on the specific circumstances of the service organization and its customers.

What Are The Different Types of SOC Reports?

There are three types of SOC reports:

SOC 1

A SOC 1 report, also known as an attestation report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, is a type of audit report that assures the design and operating effectiveness of internal controls over financial reporting. SOC 1 reports are typically used by financial institutions and other organizations that are required to comply with specific regulations, such as the Sarbanes-Oxley Act of 2002.

SOC 2

A SOC 2 report, also known as an attestation report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, is a type of audit report that assures the design and operating effectiveness of internal controls over one or more of the following trust service principles: security, availability, processing integrity, confidentiality, or privacy. SOC 2 reports are typically used by organizations that need to demonstrate to their customers, partners, or other stakeholders that they have implemented effective security controls.

SOC 3

A SOC 3 report, also known as a management report on controls at a service organization, is a type of audit report that provides a high-level overview of the design and operating effectiveness of internal controls over one or more of the following trust service principles: security, availability, processing integrity, confidentiality, or privacy. SOC 3 reports are typically used by organizations that want to share their security posture with their customers, partners, or other stakeholders.

SOC reports can be a valuable tool for companies that outsource services. They can help ensure that the service organization has adequate controls to protect the company’s data and assets.

Is a SOC Report Available for Sage 100?

According to this knowledgebase article created by Sage on June 14, 2022 (updated March 9, 2023), a SOC report is not required for Sage 100 since “Sage 100 is on-premise software where we do not conduct SOC audits.”

The article elaborates as follows:

  • Available SOC reports (along with applicable bridge letters). [Not applicable, as Sage 100 is on-premise software where we do not conduct SOC audits].
  • Audited Financials and, if applicable, bridge letter. [As a publicly-traded company, customers may review the financial information we make available on our investor webpage at https://www.sage.com/investors/financial-information/]
  • Privacy Policy [Our privacy policy can be found at https://www.sage.com/en-us/legal/privacy-and-cookies/]
  • Terms of Service [The end user license agreement governing a customer’s purchase of Sage 100 can be found at https://www.sage.com/en-us/legal/terms/]
  • Business Continuity Plan/Test Results [Not applicable to on-premise software where we do not have access to a customer’s data]
  • Copy of Information Security Policy [Not applicable to on-premise software where we do not have access to a customer’s data]

Share this:

  • Twitter
  • Facebook
  • Email
  • LinkedIn

Filed Under: Sage 100 ERP, sage 100cloud, Sage Partner Cloud Tagged With: soc reports

Secure cloud hosting for Sage 100
Call 1-888-244-6559 (toll-free)

About Wayne Schulz

Wayne Schulz is a Sage 100 Consultant located in Connecticut. He has worked with Sage 100 since 1986 and provides advanced support to companies located throughout the United States. If you are experiencing an issue with Sage 100 and would like to schedule a support session - please request assistance here or call 860-657-8544.

Access Sage 100 in the cloud today. 3rd party applications supported Available 24/7 from anywhere. Dedicated hosts

Call 1-888-244-6559 (toll-free)

Search Our Site

Sage 100 Newsletter

Sage 100 News

  • Sage 100 Updates for 2023: The Year-End Edition You Can’t Afford to Miss
  • Summit Hosting Rebrands as Summit
  • Does Sage have plans to stop supporting TLS 1.0 & 1.1 for Sage 100?
  • Payroll Requirements for Year-End 2023
  • DataSelf ETL+ v2023.07 for Sage 100 Announced
  • Version History of Sage 100 Accounting Software
  • What Happens if Sage 100 Goes Read-Only?
  • Sage 100 Knowledgebase Updated
  • Top Sage 100 New Features – Versions 4.4 through 2023
  • The Wayfair Ruling at Five: Why 72% of Businesses Still Struggle with Economic Nexus

Contact Us

Schulz Consulting
Connecticut Office
Click Here To Contact Schulz Consulting
Phone: 860-657-8544
Email Us
Available remotely nationwide.
We are a local branch of DSD Business Systems Connecticut.

Copyright © 2023 · Parallax Pro Theme on Genesis Framework · WordPress · Log in

sage 100 email newsletter
Schulz Says Email NewsletterSent Thursday by 1pm

Join our Sage 100 email newsletter.

  • Sent weekly each Thursday 
  • Over 1,500 subscribers
  • No spam - leave anytime
  • Learn about pending updates, fixes, popular integrations
Become a Member

Never see this message again.