We know how crucial it is to sustain and grow a customer base. If your company is considered to be a service organization, your company provides a valuable end product or service that your customers rely on. As part of a customer’s due diligence process and vendor management program, they may ask for a System and Organization Control (SOC) report. If your company hasn’t undergone a SOC examination, there is the potential of losing valuable business opportunities.
A SOC examination, although not an industry requirement, is becoming more common as a best practice that can set your company apart from others who don’t undergo such an examination. If asked by one of your customers, what will your answer be?
Signs You Need a SOC Examination
First, you need to determine how the service your company provides impacts the users relying on that service. Does the service you provide produce financial information user entities need as part of their financial reporting process, such as payroll preparation? If so, users need the assurance the information they are obtaining is accurate, timely, complete, and secure.
Alternatively, do you provide a cloud-based platform in which user entities house potentially sensitive data? If so, users need the primary assurance the platform being used is secure and available when needed, although other criteria may also be applicable. The answers to these questions are not always as straightforward as the examples above, but understanding the end user’s objective will help determine whether a SOC 1 or a SOC 2 examination would be the best solution for your company.
Although there are similarities between the two types of reports, there are also distinct differences, such as the purpose, scope, and audience. It is essential to work with your professional advisors to understand these differences, and to determine which type is most applicable for your company.
At Anderson ZurMuehlen, we understand the complexities of the SOC examination and reporting process, and we can help you in understanding what your customers are asking for. To learn more about SOC examinations and how to prepare for a successful SOC examination, please contact us.
This article was written by Jan Schweitzer, CPA, CFE, and Shareholder in our Missoula office.