Press Release

Service Organizations Impacted by New System and Organization Controls (SOC) 2 Report Guidance

CHICAGO (May 10, 2018) – A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates 86 percent of service organization respondents think they will be impacted by new SOC 2 guidance released by the American Institute of Certified Public Accountants (AICPA) on March 14, 2018.

“As vendor management continues to rise in priority among most organizations, the SOC 2 reporting framework has become an effective tool for providing insight and assurance regarding a service organization’s system to external IT risk and compliance stakeholders,” Mark Boettcher, senior manager with Baker Tilly’s risk, internal audit and cybersecurity practice, said. “Organizations must apply judgment on how to adopt some of the guidance for SOC 2 reports, including augmenting current processes and controls.”

“Organizations with a Sept. 30 period end may think this is an issue that can be addressed next year; however, controls should be in place by the time your next period starts on Oct. 1,” Emily Di Nardo, manager with Baker Tilly’s risk, internal audit and cybersecurity practice, said. “Clients should evaluate the changes and resulting impacts, identify control gaps and verify remediation is conducted to ensure the proper controls are implemented in time.”

Baker Tilly recently held an educational webinar, “System and Organization Controls (SOC): Latest SOC 2 guidance updates and impacts for issuers and recipients,” to help service organizations and SOC 2 report users understand important considerations and key topics under the new guidance.

The webinar presenters discussed:

  1. Key updates in the newly released SOC 2 guide, and how they impact the reports
  2. How the new Description Criteria differs for reports issued with periods ending after Dec. 15, 2018, and what service organizations and users need to do now to prepare 
  3. Distinctions between SOC 2 examinations and SOC for Cybersecurity examinations, as described in the recent AICPA whitepaper

Presentation slides and a recording of the webinar are available at bakertilly.com/insights/system-and-organization-controls-soc-latest-soc-2-guidance-updates-and-impa.

To better understand the key effective dates that apply to your organization, review Baker Tilly’s short article highlighting these compliance deadlines bakertilly.com/insights/alert-aicpa-releases-new-guidance-on-system-and-organization-controls-soc-2.

About Baker Tilly US, LLP (bakertilly.com)

Baker Tilly US, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 145 territories, with 34,700 professionals. The combined worldwide revenue of independent member firms is $3.6 billion. Visit bakertilly.com or join the conversation on LinkedIn, Facebook and Twitter.