Daily Business Review published an article by Partner Mark Agulnik, about the importance of System and Organization Controls (SOC) reports from external service providers.
Daily Business Review
By Mark Agulnik, Partner, IT Risk and Assurance Services
Legal and compliance departments, financial statement auditors and regulators require SOC 1 reports in an effort to reduce the risk of potential misstatement in the entity’s financials… Demand for SOC 2 reports stems from outsourcing, especially IT functions (e.g., data centers, managed IT services and software development). Legal and compliance departments are paying attention, given the prevalence of data breaches, when service organizations gain access to personally identifiable information (PII), Protected Health Information (PHI) and/or Intellectual Property (IP).