syse-blog-header

BLOG

SOC 2 Report: Why we do it.

March 24, 2016 | Posted in:

General, Data Points, IT Security

socforserviceorganizationslogososEach year, Systems Engineering (SE) undergoes a SOC 2 audit to ensure our organization is meeting the standards dictated by the Trust Service Principles (explained below). Approved SOC 2 auditors visit our offices annually to review and validate the effectiveness of our internal controls. 

What is a SOC 2? 

A SOC 2 Report is an acronym for “Service Organization Control” Type 2 Report, and is a series of accounting principles that assess the stewardship of a service organization’s information and processes.  Set by the American Institute of CPA’s (AICPA), SE is measured against the Trust Service Criteria which include:

  • Security. The system is protected against unauthorized access (both physical and logical).
  • Availability. The system is available for operation and use as committed or agreed upon.
  • Processing Integrity. System processing is complete, accurate, timely, and authorized.
  • Confidentiality. Information designated as confidential is protected as committed or agreed.
  • Privacy. Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA. The TSPC of security, availability, and processing integrity are used to evaluate whether a system is reliable.

Each principle has a defined criteria or control which must be met in order to demonstrate adherence.  The audit results either confirm or find exception with an organization’s design of their controls, and the operating effectiveness of those controls.  When all standards are fully met, an auditing firm produces an “unqualified opinion,” which means that no material exceptions were found.

We strive to maintain the highest level of professionalism and responsibility for our clients which is why we undergo a review of our environment each year.  Although this audit is not required, we are committed to the annual examination so our clients know we can be trusted with their sensitive data and processes.

To learn more, email info@syseng.com, or call 888.624.6737 to speak to a Systems Engineering representative.