
What is a SOC 2 Compliance Report and Why it Matters to Your Business

December 11, 2020 | Posted in: Compliance, IT Solutions & Support

Have you ever questioned how you can measure the quality of a managed service provider (MSP) and its stance on IT security? Does it put security first within its own organization? The good news is that a reputable MSP can answer this question by producing an impartial third-party SOC 2 Report. This audit is a voluntary annual review, and the results can be an invaluable piece of information for leveling up trust in an MSP.

What is a SOC 2? 


The evidence of an MSP's security culture comes from an annual “Service Organization Control” (SOC) Type 2 audit. This is a voluntary audit performed by an independent third-party Certified Public Accountant (CPA) designated by the American Institute of Certified Public Accountants (AICPA). The audit covers five areas of concern:

  • SECURITY: The system is protected against unauthorized access (both physical and logical).
  • AVAILABILITY: The system is available for operation and use as committed or agreed upon.
  • PROCESSING INTEGRITY: System processing is complete, accurate, timely, and authorized.
  • CONFIDENTIALITY: Information designated as confidential is protected as committed or agreed.
  • PRIVACY: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA. The TSPC of security, availability, and processing integrity are used to evaluate whether a system is reliable.

Each principle has defined criteria or controls, which are measured against the Trust Service Criteria and must be met in order to demonstrate adherence. The audit results either confirm or find exceptions with the design of an organization’s controls and the operating effectiveness of those controls. When all standards are fully met, an auditing firm produces an “unqualified opinion,” which means that no material exceptions were found.

Each year, Systems Engineering undergoes a SOC 2 audit to ensure our organization is meeting the standards dictated by the Trust Service Principles. Approved SOC 2 Compliance auditors visit our offices annually to review and validate the effectiveness of our internal controls. We strive to maintain the highest level of professionalism and responsibility for our clients, which is why we undergo a review of our environment each year. Although this audit is not required, we are committed to the annual examination so our clients know we can be trusted with their sensitive data and processes.

Experience Better IT

To learn more, email info@systemsengineering.com, or call 888.624.6737 to speak to a Systems Engineering representative.