Service Organizations Impacted by New System and Organization Controls (SOC) 2 Report Guidance

CHICAGO (May 10, 2018) – A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates 86 percent of service organization respondents think they will be impacted by new SOC 2 guidance released by the American Institute of Certified Public Accountants (AICPA) on March 14, 2018.

“As vendor management continues to rise in priority among most organizations, the SOC 2 reporting framework has become an effective tool for providing insight and assurance regarding a service organization’s system to external IT risk and compliance stakeholders,” Mark Boettcher, senior manager with Baker Tilly’s risk, internal audit and cybersecurity practice, said. “Organizations must apply judgment on how to adopt some of the guidance for SOC 2 reports, including augmenting current processes and controls.”

“Organizations with a Sept. 30 period end may think this is an issue that can be addressed next year; however, controls should be in place by the time your next period starts on Oct. 1,” Emily Di Nardo, manager with Baker Tilly’s risk, internal audit and cybersecurity practice, said. “Clients should evaluate the changes and resulting impacts, identify control gaps and verify remediation is conducted to ensure the proper controls are implemented in time.”

Baker Tilly recently held an educational webinar, “System and Organization Controls (SOC): Latest SOC 2 guidance updates and impacts for issuers and recipients,” to help service organizations and SOC 2 report users understand important considerations and key topics under the new guidance.

The webinar presenters discussed:

  1. Key updates in the newly released SOC 2 guide, and how they impact the reports
  2. How the new Description Criteria differs for reports issued with periods ending after Dec. 15, 2018, and what service organizations and users need to do now to prepare 
  3. Distinctions between SOC 2 examinations and SOC for Cybersecurity examinations, as described in the recent AICPA whitepaper

Presentation slides and a recording of the webinar are available at bakertilly.com/insights/system-and-organization-controls-soc-latest-soc-2-guidance-updates-and-impa.

To better understand the key effective dates that apply to your organization, review Baker Tilly’s short article highlighting these compliance deadlines bakertilly.com/insights/alert-aicpa-releases-new-guidance-on-system-and-organization-controls-soc-2.

About Baker Tilly Virchow Krause, LLP (bakertilly.com)

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a nationally recognized, full-service accounting and advisory firm whose specialized professionals connect with clients and their businesses through refreshing candor and clear industry insight. With approximately 2,800 employees across the United States, Baker Tilly is ranked as one of the 15 largest accounting and advisory firms in the country. Headquartered in Chicago, Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 147 territories, with 33,600 professionals. The combined worldwide revenue of independent member firms is $3.4 billion.