Take control: Why a SOC report makes all the difference.

Author: Kradjan, Chris
Position: Security controls

Many service organizations depend on the integrity of their control environment to protect their business as well as that of their customers. With new technologies being unveiled at record speeds and the increasing reliance on third-party vendors, there's an ever-growing need to perform diligence and monitor the security surrounding these business partners.

An effective way to ensure internal controls are in place and operating effectively is to conduct a Service Organization Control (SOC) examination. These reports have become a standard way for financial statement auditors, internal auditors, security officers and procurement departments to reduce audit procedures, gain critical insights into their partners and help ensure their systems and data remain secure.

Who Needs a SOC Report?

SOC examinations can be conducted for a range of service organizations, whether they handle financial records or host the systems and data used to conduct business. Traditionally, parties providing such services can include software-as-a-service, infrastructure-as-a-service, platform-as-a-service, application service providers, business intelligence software, printing services, document solution providers, data centers, co-location facilities, managed services companies, network service bureaus, benefit plan administrators, third-party administrators, investment managers, hedge fund accounting services, payroll bureaus, data processing centers, financial institutions, bank trust departments, credit unions and collection agencies.

Why Issue a SOC Report?

More and more companies are outsourcing services. Ideally, a third-party vendor will exert the same level of internal controls you would, but to make sure everyone is on the same page, it's important to know what your vendors are doing when it comes to:

* Financial and performance history.

* Security and availability safeguards.

* Reliable processing integrity.

* Confidential and private records.

* Regulatory and operational compliance.

* Compliance with service level agreements.

* Regular due diligence and monitoring.

SOC 1, 2 & 3: The Differences

SOC 1 involves internal controls related to financial reporting. For example, a financial services provider that handles transaction processing may request a report to look at its transaction processing and operations. SOC is considered an auditor-to-auditor communication, which means a service auditor completes the report and then provides it...
