How to Properly Review a SOC Report

October 17, 2017

 

 

There continues to be a great deal of confusion over the new service organization reporting structure and which reports are the best to obtain. The basic intentions of the reports are as follows:

 

SOC 1 – Related to Internal Control over Financial Reporting

SOC 2 – Related to testing over the Trust Services Principles of Security, Availability, Processing Integrity, Confidentiality and Privacy

SOC 3 – A simplified report on the same principles as a SOC 2, available for public use

 

In this article we won’t go into the details of which report you need to obtain. That information can be found in the post titled “Which SOC Report is Right for You?” Here we’ll help answer the question of what you should be doing once you get the report in your hands. Properly reviewing these reports is an essential part of the vendor management and risk management functions, and should be taken very seriously. You are only as strong as your weakest link, which could indeed be your vendors.

 


  

 

Shane M. O’Donnell, CISA, CPA, MSA

Chief Audit Executive

 
