The CEO of a cloud service provider recently told me: “Everyone knows that computer systems are interconnected and sometimes systems go down.”
He was speaking to the degree of forgiveness customers have for their online services. He went on to say that one outage might be accepted, but customers can quickly start looking for other providers if their systems or data are inaccessible.
My clients often have difficulty identifying all the links in their digital supply chain. If you are like them, you know who your critical “digital suppliers” are (these typically include outsourced payroll and email, and sometimes include general ledger, inventory or other systems closer to operations), but perhaps you don’t know who their suppliers are, much less their suppliers’ suppliers. In this “digital supply chain,” how many online or cloud providers must be up and running for your data to be accurate and available? How many businesses have access to your information? This can be difficult to determine, as the NSA reportedly experienced through their contractor, Booz Allen, and their employee, Edward Snowden.
Service Organization Control
Fortunately, the accountants at the American Institute of Certified Public Accountants have provided a reporting framework for evaluating security, availability, processing integrity, confidentiality and privacy in your digital supply chain. Their name for these B2B service provider reports is “Service Organization Control” or “SOC.” The intent of these reports is to provide added confidence in your digital supply chain. For now, they are one of the best steps available for gaining confidence in the supply chain, as evidenced by the support of the Cloud Security Alliance for the SOC reports.
At Barnes Dennig, we can provide the services you need to evaluate and ensure the utmost integrity of your organization’s most sensitive information. To find out more about SOC, click here to contact us or call 513-241-8313.