What is SOC and Why Should You Care?
What is SOC?
SOC (System and Organization Controls) is a suite of reports produced by an audit of an organization’s internal controls. These controls are the mechanisms, rules and procedures which ensure the integrity of a company’s financial information, reliable financial reporting, and legal and regulatory compliance. Audits are conducted by Certified Public Accountants (CPAs) accredited by the American Institute of Certified Public Accountants (AICPA).
SOC for Service Organizations
If you are a business that relies on regulatory and compliance standards to operate, you will want to review SOC reports from potential partners or vendors to help ensure your data is safe. It is important to know that the companies you entrust with your business can prove they have measures in place to protect themselves in line with industry best practices.
And if you are a business that provides services which may impact your customers’ financial reporting, you may be asked to undergo a SOC audit to provide assurance that you have the proper procedures in place and that those procedures are operating effectively.
Three SOC Reports
- SOC 1 (SOC for Service Organizations: ICFR) reports will document a company’s internal controls around financial reporting. A Type 1 report shows that a company has policies and procedures in place, while a Type 2 report will test the policies and procedures to ensure they are working as intended.
- SOC 2 (SOC for Service Organizations: Trust Services Criteria) reports show a company’s internal controls around IT policies and procedures. SOC 2 reports come in the same Type 1 and Type 2 forms. A SOC 2 Type 2 audit reports on internal controls relating to security, availability, processing integrity, confidentiality and privacy, and also on the effectiveness of those controls.
- A SOC 3 (SOC for Service Organizations: Trust Services Criteria for General Use) report is essentially a summary of a SOC 2 Type 2 report with less technical specifics and detail. A SOC 3 report from a partner may not have the information you require.
SOC Reports for your MSP
The safety of your data is of utmost importance, so when you partner with a Managed Service Provider (MSP), it is essential that you verify their SOC compliance. It will give you peace of mind that your critical information is in good hands.
Here at Revolution Group, we are committed to providing the highest level of service and security to our customers and have completed SOC 1 - SSAE Type II and SOC 2 Type II. Read more about SOC and your MSP on our blog.