In the wake of numerous high-impact data breaches, many organizations are strengthening their vendor management requirements for all their service providers — financial and nonfinancial. Any organization that provides services that involve the collection, storage, processing or transmission of information received from customers must ensure that its internal controls are secure. This includes any and all information technology and business process controls that touch customer data. It has now become common practice for customers of service organizations to request information about their service providers’ data controls in the form of a SOC 2 report. This empowers stakeholders (and their auditors) to easily evaluate vendors and maintain better oversight of the organizations that they do business with. During contract renewal periods, an organization that is not careful could be at risk of being let go in favor of a vendor that has a SOC 2 report ready.
If you’ve been asked by a customer or prospect to provide a System and Organization Controls (SOC) 2 audit report, contact a Withum SOC specialist online, or give us a call at (609) 520-1188 and ask for Tony Chapman to discuss any of your questions or concerns.
The five SOC 2 control objectives (AICPA principles) include:
SOC 2 compliance requires the Security section of the report to be completed, while the four other sections are optional. So, in layman’s terms, a service organization requesting a SOC 2 audit must include the Trust Services Principle (TSP) of Security. Then, depending on the services it provides, the service organization can elect to add one or more of the additional four principles to the report. The SOC 2 is a restricted-use report that can only be distributed to existing customers and their auditors.
As with the SOC 1 report, there are two types of SOC 2 audits: the SOC 2 Type I and the SOC 2 Type II report.
To get a SOC 2 audit report, you’ll need to engage an AICPA-approved, independent third-party CPA. Withum has a team of SOC specialists who are trained and well-versed in the intricacies of SOC 2 compliance and the needs of our clients. To discuss your SOC 2 report needs with one of Withum’s SOC specialists, contact us online, or give us a call at (609) 520-1188 and ask for Tony Chapman.