In our previous post, Authenticated Financial Information, we explored the need for a private company clearinghouse that can be used to protect and deliver trustworthy financial information. One of the ways firms and their business clients are utilizing a clearinghouse is for SOC report distribution – a process that is becoming more challenging to manage as an increased focus on third-party controls has led to a rise in requests for reports.

If you consider the way most service organizations distribute SOC reports today, you might think of basic methods like email and mail, often with no standardized process or central group managing it. Requests are often sent to various individuals at a service organization from different types of requestors. While convenient, these methods offer little in their ability to track where reports have been sent to and in verifying that the person requesting the report is qualified to receive it. What happens when there is a change or updated report available? How would the previous recipients be notified? What is the approval process? Are NDAs appropriately collected?

Aside from internal challenges, what about the customer experience? Providing customers with an easy, quick way to receive reports is important, but one should also consider if their distribution methods reflect a level of security and control that one would expect from an organization that has already undergone a SOC engagement.

RIVIO solves all these challenges and boasts a high level of user-friendliness for all parties. It puts a service organization in control over the distribution of their SOC reports while also keeping everything confidential and secure.

How does it work?

RIVIO Clearinghouse is a platform designed for three different users: CPA firms, businesses, and third-party users. It provides one location for each party to request, share, and verify information – all through a secure, accessible environment that has undergone all three SOC examinations, has received an ISO 27001 Certification for Service, TRUSTe Privacy Policy Certified, and EU-US Privacy Shield certified.

  1. Request: The platform offers a way for organizations to request SOC reports from their CPA firms and provides a way for customers to request reports from their service providers. When requests are issued, a notification is generated through the system and produces a link for the appropriate party to respond by uploading the SOC report.
  2. Share: SOC reports can be shared with individual customers or with groups through defined distribution lists. The platform tracks recipients of reports and also provides a way to recall information, should a report be updated.
  3. Verify: The platform has a validation process to confirm information came from an authentic source and has been unaltered.

Are you ready to take control of SOC report requests? Visit to learn more.