Rest Assured: How a SOC 2 Report Builds Trust with Your Customers that Their Data Is Secure

Written By:

Petra Orquiola


You May be Putting Your Customers at Risk

Every day, it seems, some new technology is released that promises to bring us closer together. But these innovations expose us to unforeseen risks and challenges.

“New technologies and business concepts, from artificial intelligence to cryptocurrencies to 5G mobile connectivity, promise to rewrite the rules on unconventional risks as well as their potential to significantly impact organizations,” writes the Institute of Internal Auditors in its 2019 North American Pulse of Internal Audit survey report. In this report, chief audit executives report a troubling misalignment among business leaders about these emerging risks.

Third-party relationships — relationships between customer-facing entities and the companies that process or store sensitive information in the background on their behalf — are one area of significant vulnerability. Nearly half of the internal audit executives responding to the 2019 survey say that organizational oversight of third-party relationships is ad hoc, weak or nonexistent.

This status quo cannot continue. As the business world grows more interconnected, business partners need to be able to trust that everyone in their ecosystem operates securely and with integrity. This is where information assurance reports come in.

Is a SOC 2 Report Right for You?

If your company processes or stores sensitive information on behalf of other companies, then you have probably already been asked to provide some type of assurance regarding the controls over your information and systems. Often, the assurance requested is a System and Organization Controls (SOC) report — a report on internal controls developed by the American Institute of Certified Public Accountants (AICPA). One of these reports, SOC 2 for Service Organizations, focuses on company controls that relate to the privacy and confidentiality of personal data, as well as the security, availability and processing integrity of the systems used to process data.

The SOC 2 report is prepared by management and attested to by an independent auditor. It provides an in-depth view of the systems and processes that are integral to protecting the sensitive information that your company processes, maintains or stores on behalf of another company.

Evolving technologies are making the highly transparent SOC 2 report even more attractive to even more companies. As Walmart and a growing list of other large corporations adopt blockchain technology, they will expect their vendors and other business partners to comply with this new way of tracking goods, services and payments, and they will expect assurance regarding internal controls over those systems and processes.

Start Preparing Now for Increased Peace of Mind

When it comes to securing large contracts, time is of the essence. Implementing and documenting the required controls for a SOC 2 report can take intensive time and effort. You’ll be best positioned to respond to opportunities and negotiate if you’re prepared to provide the form of assurance your prospective customers seek.

The assurance experts at Williams Benator & Libby (WBL) have field-tested processes that will make it as efficient and painless as possible to gather the required information for your SOC report. If you have been asked by a customer or potential customer for a SOC 2 report, and especially if your company has not prepared one of these reports in the past, contact the SOC 2 reporting experts at WBL today for a consultation.