In relation to SOC reporting, in the opinion of the auditor, a determination is made regarding whether a control is operating effectively and provides reasonable assurance that the control objectives stated in management’s description of the vendor’s system were achieved.