To remedy this concern, many recordkeepers voluntarily go through independent audits of their operation and control procedures.
The result is the Systems and Organization Control Report (SOC Report). These reports can then be made available for review to current and prospective customers and users. SOC Reports are densely packed with detailed information about how the data the organization utilizes is obtained, used, stored, and eventually deleted. The types of SOC Reports an organization will use depend on the services they provide; the most common SOC reporting for recordkeepers is the SOC 1 and SOC 2.
Our L3 Fiduciary Training resource on SOC reports walks plan sponsors through what they need to understand about this report. To download a copy of our training document, please fill out the firm on the right.