A System and Organization Controls (SOC) engagement is a statement indicating that the service organization has had its control objectives and activities evaluated by an independent firm such as ATA, PLLC and ATA Technologies. SOC reports are a suite of reports designed to provide customers and other key stakeholders with insight into the design and operating effectiveness of system-level controls of a service organization or entity-level controls of other organizations.
From payroll, billing and credit processing companies to insurance and medical claims processor, hosted data centers, cloud computing providers, SaaS providers and internet retailers, organizations are facing increased pressure to provide evidence of adequate controls and safeguards when they host or process data belonging to their customers. In fact, many are even finding that obtaining a SOC report is quickly becoming a contractual requirement for doing business.
The world of SOC reports can be a place of confusion, technical terminology, and stringent requirements. It is also an area of growing importance as organizations struggle to meet the growing need from customers for assurance regarding the security, confidentiality, and privacy of the information processed by their systems. With our help, SOC reports will be painless.