SOC Reports for Start-ups Concerned With Privacy and Security
What is a SOC Report?
Originally called Service Organization Controls reports, and now called System and Organization Controls reports, SOC reports are tests of controls provided by data security experts working at CPA firms. They fill a need whenever a company is holding third-party data as a verified Seal of Approval. There are many versions and costs involved, but they generally range from $20,000 to $30,000, depending on the complexity of the security system. More information is available on our website.
Why should you consider a SOC Report for your organization?
- Credibility – Investors and customers like working with credible, trustworthy organizations. A SOC report is designed to be a seal of approval from an independent IT Auditor who is signing a report for customers saying “we have tested this service for security.” It is akin to a Good Housekeeping Seal of Approval in the business sector or a financial statement audit for a banker. It is the most popular seal of approval for a service business holding customer data. Banks and hospitals, two groups that have huge security concerns, require SOC reports from all their vendors that touch their data.
- Barrier to entry – As a business claiming market share in a huge space, rapidly developing services can compete by developing a moat, or a barrier to entry for the competition. Getting ahead of the game and offering the SOC “seal of approval” from the AICPA will speak the language of service providers worldwide and demonstrate that this is a substantial, here-for-the-long-term operation. Start-ups trying to catch up with TruSense will be burdened with proving they have comparable, verified security levels.
- Best practices – SOC 2 and SOC 3 reports rely on the Trust Services Principles. These are relied upon by thousands of businesses worldwide to demonstrate that they meet standard practices for security. They have evolved over thirty years and are specifically tailored to businesses that hold data securely for their customers. Investors and management teams can know that they are overseeing a service business that meets standard industry practices. They can sleep easier knowing an independent security expert has routinely checked on the security of their services and their systems and provided a detailed report on the results of the controls protecting the organization and its clients.
Barnes Dennig is committed to remaining on the leading edge of SOC practices, and ensuring that our team applies techniques that adhere to AICPA standards. Contact us with questions regarding SOC engagements and visit our SOC reporting services page to learn about the services that the Barnes Dennig offers.