business Ensure Your Business is Protected Against a Cyberattack with a SOC Audit April 29, 2015 How is your SaaS provider, benefits administrator, title/mortgage company or other third party service provider ensuring your information is safe against cyber fraud? Service organization control (SOC) audits, or internal control reports are a great way for customers to ensure that service providers are practicing safe and secure controls and protecting your personal data. If you or your company is considering hiring a service provider, they should ask to review the vendor’s SOC report prior to engaging them so that you can get an accurate understanding of the organization’s controls and the risks associated with their services. Peace of mind for you and your customers As part of your risk assessment, take time to review all third parties that have access to your network. As a necessary cybersecurity precaution, the systems and controls that protect sensitive data need to be monitored through SOC reports. There are three types of SOC reports: SOC 1 Report- This report is used by auditors of user entities and user entities’ management to examine internal controls at a service organization that affect your customers’ controls over financial reporting. SOC 2 Report- This report is given to informed stakeholders and covers details on controls at a service organization that apply to the trust service principles (security, availability, processing integrity, confidentiality and privacy). SOC 3 Report- This is a marketing focused report and has the same procedures as a SOC 2 report, except it does not provide as much detail on controls. These reports are designed for a more general audience. Questions? Contact us.