System and Organization Controls: SOC Suite of Services

SOC

What is a SOC

SOC reports focus on controls addressed by five semi-overlapping categories called Trust Service Principles which also support the CIA triad of information security:

• Security
  • Firewalls
  • Intrusion detection
  • Multi-factor authentication
• Availability
  • Performance monitoring
  • Disaster recovery
  • Incident handling
• Confidentiality
  • Encryption
  • Access controls
  • Firewalls
• Processing Integrity
  • Quality assurance
  • Process monitoring
• Privacy
  • Access control
  • Multi-factor authentication
  • Encryption

SOC is the most-sought after report to verify that an organization is following best practices for cybersecurity in the United States. Because of its flexibility, the organization can design its own controls by following the COSO framework(add link). This assures businesses that the organization is trustworthy in its practices so that they can outsource business functions to them.A SOC report is an auditable report. They are performed by a CPA (Certified Public Accountant). It assures the reader (user of the report) that the management of data according to the Trust Services Principles are working or not.

What types of SOC are there?

• SOC 1
• SOC 2
• SOC 3

Describe why an organization would want SOC

• Regulatory Needs
• Does your company’s business affect the financial statements of another company?
• Does Your Company Provide a Service That Affects Compliance and Operational Controls?
• Does Your Service Organization Wish to Keep the Details of Your Controls Confidential?
• Want to market that you are in compliance with SOC to build trust with your potential
  customers.
• Kompleye can help you choose the right report for you!

Do You Need a SOC Audit Three Tips for Determining Your Reporting Needs Contact Kompleye Now!!