Many organizations include the review of Service Organization Controls (SOC) examination reports in their annual vendor due diligence activities; however, most are unsure of what they should be looking for in the report.  Determining what is relevant and knowing how to read a SOC examination report can help to ensure that organizations get the most value and assurance out of their review.

The role of the Information Security Officer (ISO) varies based on the size and complexity of an organization. It may be a full or part-time position held by an employee having only ISO responsibilities or by an employee having other roles within the organization. A primary role of the ISO is to work with management to strengthen its information security program and to protect the organization’s information assets.