Guest Blog by Sarah Morris, originally for KirkpatrickPrice, August 5, 2016.

If you’re being asked about SOC 2 Compliance – a Service Organization Control 2 (SOC 2) Report – for the first time, you might be wondering, “Why?” and “What is a SOC 2 Audit Report?” It’s becoming increasingly common for organizations to request that their vendors become SOC 2 compliant so they can ensure that the companies they are working with are appropriately protecting their sensitive information.
The SOC 2 report addresses principles (known as the Trust Services Principles) such as security, availability, processing integrity, confidentiality, and privacy. These principles address matters of information security that are critical today, especially for organizations concerned about whether or not their third parties are handling their information in a secure manner.
Demonstrating that you or your vendors are SOC 2 compliant means demonstrating that the policies, procedures, and controls that are in place properly address the Trust Services Principles you have selected for your SOC 2 audit report. These principles are addressed by answering the following questions:
- Security – Is the system protected against unauthorized access?
- Availability – Is the system available for operation and use as agreed?
- Processing Integrity – Is the system processing complete, valid, accurate, timely, and authorized?
- Confidentiality – Is the information that’s designated as confidential protected as agreed?
- Privacy – Is personal information collected, used, retained, disclosed, and destroyed in accordance with the entity’s privacy notice?
If you’re being asked to demonstrate SOC 2 compliance, or if you’re simply wanting to get ahead in your industry, engaging a third-party auditing firm to perform a SOC 2 audit is the right next step. SOC 2 compliance shows that you have matured the practices at your organization and are committed to gaining client trust. Are you confident your internal controls are protecting systems that process sensitive information? Are you ready to decide whether a SOC 2 report is what your organization needs? Contact KirkpatrickPrice to speak with a SOC 2 expert and find out how you can begin your SOC 2 audit process today.
The National List thanks Sarah Morris and KirkpatrickPrice for allowing us to repost their blog on this very timely topic. You can find additional information by clicking on this link – SOC 2 Compliance, or by visiting other Internet sites. You also can find the names of other audit service companies on the NL Website under www.nationallist.com/nl_resources/services.