Many companies that work with a significant amount of service organizations (third parties that provide critical services to clients) request a SOC report to review the controls of these organizations relevant to security or internal controls over financial reporting. SOC 2 reporting is becoming more important to companies as their clients want to know that their data and information is secure. This reporting often creates a competitive advantage for companies differentiating them from others. Recognizing why a SOC 2 report is valuable is extremely important to a company’s growth. Understanding the framework underlying a SOC 2 report is important to know what principles your organization should have examined. Recently the framework developed by the AICPA was restructured and updated. The updated Trust Services Principles have been restructured around a set of common criteria which essentially make up the security principle. These common criteria are organized into the criteria of:
- Organization and management
- Risk management and design implementation of controls
- Monitoring of controls
- Logical and physical access controls
- System operations
- Change management
Download this whitepaper to understand the changes made to the Trust Services Principle and to gain a better understanding of why a SOC 2 report will add value to your company, as well as, growth.