Why am I Being Asked about SOC 2 Compliance?

by Sarah Harvey / August 5th, 2016

If you’re being asked about SOC 2 compliance for the first time, you may be wondering why. It’s becoming increasingly common for organizations to request that their vendors become SOC 2 compliant so they can ensure that the companies they are working with are appropriately protecting their sensitive information.

Perhaps you’re a vendor of a larger organization that is being audited by a publicly traded company, or maybe you want to demonstrate that security is a critical part of your organization. These clients will require you to demonstrate SOC 2 compliance to address any information security risk concerns. The SOC 2 report addresses principles (known as the Trust Services Principles) such as security, availability, processing integrity, confidentiality, and privacy.

Demonstrating that you’re SOC 2 compliant means demonstrating that the policies, procedures, and controls you have in place properly address the Trust Services Principles you have selected for your SOC 2 audit report. These principles are addressed by answering the following questions:

  • Security – Is the system protected against unauthorized access?
  • Availability – Is the system available for operation and use as agreed?
  • Processing Integrity – Is the system processing complete, valid, accurate, timely, and authorized?
  • Confidentiality – Is the information that’s designated as confidential protected as agreed?
  • Privacy – Is personal information collected, used, retained, disclosed, and destroyed in accordance with the entity’s privacy notice?

If you’re being asked to demonstrate SOC 2 compliance, or if you simply want to get ahead in your industry, engaging a third-party auditing firm to perform a SOC 2 audit is the right next step. SOC 2 compliance shows that you have matured the practices at your organization and are committed to gaining client trust. Are you confident your internal controls are protecting systems that process sensitive information? Are you ready to decide whether a SOC 2 report is what your organization needs? Contact us today using the form below to speak with a SOC 2 expert and find out how you can begin your SOC 2 audit.

If you have been asked for a SOC 2 Audit Report, this might be the first time that you’ve had that request and you might be wondering what a SOC 2 Audit Report is. It seems to be very popular right now for organizations to ask their vendors about whether or not they are SOC 2 compliant. SOC 2 addresses principles such as security, availability, confidentiality, and processing integrity.

And so as a vendor to a larger organization that’s perhaps being audited by a publicly traded company, they may ask you for a SOC 2 Audit Report because it’s specifically designed for Service Organizations. And it’s addressing matters of information security that are so important today as people are concerned about their third parties and whether or not they’re handling their information in a secure and effective manner. So look into a SOC 2 Audit Report, determine if it’s right for you, and contact us today to see if we can help in any way.