
Kwang Hyuk Song
As companies increasingly rely on external IT systems and cloud-based services, they face growing demands to assess the risks and controls associated with these service organizations and respond to audit inquiries. Through the issuance of Service Organization Control (SOC) Reports, user entities can gain assurance over internal controls, while service organizations can enhance operational efficiency and credibility by responding systematically to client and auditor requests.
BDO Sunghyun offers tailored service based on our dedicated TPA Working Group and extensive experience across the global BDO network. With the participation of experts in internal controls, IT, and cybersecurity, and a scalable approach aligned to the size and complexity of each organization, we deliver maximum value and efficiency.
Our Assurance Services
1. SOC 1 / ISAE 3402 Reports – For user entities and their auditors
Evaluation of control activities over financial reporting (e.g., PLC/ITGC)
Attestation on the effectiveness of controls aligned with client-provided services
Issuance of reports in accordance with relevant assurance standards
2. SOC 2 / SOC 2+ Reports – Focused on data protection, security, availability and integrity
Attestation on data processing and security-related controls
Integrated response to frameworks including HITRUST, ISO27001, NIST, CSA
Scope coverage including data protection, security, availability and integrity
3. Other assurance frameworks
Attestation based on privacy and data protection frameworks
Domestic and international compliance
NIST, EU GDPR, DORA for overseas subsidiaries
Kwang Hyuk Song