SERVICE ORGANIZATION CONTROL (SOC) REPORTS / SSAE 16 AUDITS
With identity theft and fraud on the rise, companies must pay closer attention to the security of customer and company information. As a result, third-party outsourcing providers are receiving requests from their clients and prospects for an independent review of their internal controls. These reviews fall under attestation standards (SSAE 16 and AT-101) and are known as Service Organization Control (SOC) engagements.
Companies that typically need a SOC report include organizations that perform outsourced services on behalf of their customers. Examples are payroll processors, healthcare claims processors, Software as a Service (SaaS) providers, network administrators, managed security service providers, co-location data centers, cloud-computing providers, financial services processors, customer support call centers, accounts receivable processors, credit recovery managers, trust departments, transfer agents, custodians, mortgage servicers, ISP and web-hosting service providers, ASPs and many more.
Having Dansa D’Arata Soucia, as an independent party, perform a SOC review will provide independent assurance of a company’s internal control environment. It also sends a message to customers and prospects that they can rely on a company to handle information accurately and securely.
In addition, a SOC report will help create customer confidence in a business, and a SOC 3 report can be used to market the company and attract sophisticated customers who are concerned with these important issues.